CVE-2020-3530 HIGH

CVE-2020-3530: Cisco IOS XR Authenticated User Privilege Escalation Vulnerability

Vendor Cisco

Product Cisco IOS XR Software

Weakness CWE-264

Published September 4, 2020

Last update November 13, 2024

View on NVD All CVEs

CVSS base score

8.4/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges.

Key dates

02Disclosure timeline

September 4, 2020 CVE published

November 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-3530

Related vulnerabilities

CVE-2020-3530: Cisco IOS XR Authenticated User Privilege Escalation Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE