CVE-2020-3473
Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks.
Una vulnerabilidad en la asignación de grupos de tareas para un comando de la CLI específico en Cisco IOS XR Software, podría permitir a un usuario del shell de la CLI local autenticado elevar privilegios y obtener el control administrativo total del dispositivo. La vulnerabilidad es debido a una asignación incorrecta de un comando para grupos de tareas dentro del código fuente. Un atacante podría explotar esta vulnerabilidad si se autentica primero en el shell de la CLI local en el dispositivo y usando el comando de la CLI para omitir las comprobaciones group–based de tareas. Una explotación con éxito podría permitir al atacante elevar los privilegios y llevar a cabo acciones en el dispositivo sin comprobaciones de autorización
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-12 CVE Reserved
- 2020-09-04 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-863: Incorrect Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN | 2020-09-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 7.0.12 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 7.0.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8201 Search vendor "Cisco" for product "8201" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 7.0.12 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 7.0.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8202 Search vendor "Cisco" for product "8202" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 7.0.12 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 7.0.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8808 Search vendor "Cisco" for product "8808" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 7.0.12 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 7.0.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8812 Search vendor "Cisco" for product "8812" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 7.0.12 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 7.0.12" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8818 Search vendor "Cisco" for product "8818" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.2.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.2.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8201 Search vendor "Cisco" for product "8201" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.2.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.2.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8202 Search vendor "Cisco" for product "8202" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.2.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.2.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8808 Search vendor "Cisco" for product "8808" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.2.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.2.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8812 Search vendor "Cisco" for product "8812" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.2.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.2.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8818 Search vendor "Cisco" for product "8818" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ios Xrv 9000 Search vendor "Cisco" for product "Ios Xrv 9000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 540 Search vendor "Cisco" for product "Ncs 540" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501 Search vendor "Cisco" for product "Ncs 5501" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501-se Search vendor "Cisco" for product "Ncs 5501-se" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502 Search vendor "Cisco" for product "Ncs 5502" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502-se Search vendor "Cisco" for product "Ncs 5502-se" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5508 Search vendor "Cisco" for product "Ncs 5508" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5516 Search vendor "Cisco" for product "Ncs 5516" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 560 Search vendor "Cisco" for product "Ncs 560" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 6000 Search vendor "Cisco" for product "Ncs 6000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 6.6.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 6008 Search vendor "Cisco" for product "Ncs 6008" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.0.0 < 7.0.2 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ios Xrv 9000 Search vendor "Cisco" for product "Ios Xrv 9000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.0.0 < 7.0.2 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 540 Search vendor "Cisco" for product "Ncs 540" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.0.0 < 7.0.2 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501 Search vendor "Cisco" for product "Ncs 5501" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.0.0 < 7.0.2 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501-se Search vendor "Cisco" for product "Ncs 5501-se" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.0.0 < 7.0.2 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502 Search vendor "Cisco" for product "Ncs 5502" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.0.0 < 7.0.2 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502-se Search vendor "Cisco" for product "Ncs 5502-se" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.0.0 < 7.0.2 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5508 Search vendor "Cisco" for product "Ncs 5508" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.0.0 < 7.0.2 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5516 Search vendor "Cisco" for product "Ncs 5516" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.0.0 < 7.0.2 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 560 Search vendor "Cisco" for product "Ncs 560" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.0.0 < 7.0.2 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 6000 Search vendor "Cisco" for product "Ncs 6000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.0.0 < 7.0.2 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 6008 Search vendor "Cisco" for product "Ncs 6008" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.1.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ios Xrv 9000 Search vendor "Cisco" for product "Ios Xrv 9000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.1.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 540 Search vendor "Cisco" for product "Ncs 540" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.1.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501 Search vendor "Cisco" for product "Ncs 5501" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.1.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501-se Search vendor "Cisco" for product "Ncs 5501-se" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.1.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502 Search vendor "Cisco" for product "Ncs 5502" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.1.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502-se Search vendor "Cisco" for product "Ncs 5502-se" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.1.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5508 Search vendor "Cisco" for product "Ncs 5508" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.1.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5516 Search vendor "Cisco" for product "Ncs 5516" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.1.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 560 Search vendor "Cisco" for product "Ncs 560" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.1.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 6000 Search vendor "Cisco" for product "Ncs 6000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 7.1.0 < 7.1.1 Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 6008 Search vendor "Cisco" for product "Ncs 6008" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 6.5.29 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.5.29" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 4009 Search vendor "Cisco" for product "Ncs 4009" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 5.0.0 < 6.5.29 Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.5.29" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 4016 Search vendor "Cisco" for product "Ncs 4016" | - | - |
Safe
|