// For flags

CVE-2020-3473

Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks.

Una vulnerabilidad en la asignación de grupos de tareas para un comando de la CLI específico en Cisco IOS XR Software, podría permitir a un usuario del shell de la CLI local autenticado elevar privilegios y obtener el control administrativo total del dispositivo. La vulnerabilidad es debido a una asignación incorrecta de un comando para grupos de tareas dentro del código fuente. Un atacante podría explotar esta vulnerabilidad si se autentica primero en el shell de la CLI local en el dispositivo y usando el comando de la CLI para omitir las comprobaciones group–based de tareas. Una explotación con éxito podría permitir al atacante elevar los privilegios y llevar a cabo acciones en el dispositivo sin comprobaciones de autorización

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2019-12-12 CVE Reserved
  • 2020-09-04 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-11-13 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
  • CWE-863: Incorrect Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 7.0.12
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 7.0.12"
-
Affected
in Cisco
Search vendor "Cisco"
8201
Search vendor "Cisco" for product "8201"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 7.0.12
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 7.0.12"
-
Affected
in Cisco
Search vendor "Cisco"
8202
Search vendor "Cisco" for product "8202"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 7.0.12
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 7.0.12"
-
Affected
in Cisco
Search vendor "Cisco"
8808
Search vendor "Cisco" for product "8808"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 7.0.12
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 7.0.12"
-
Affected
in Cisco
Search vendor "Cisco"
8812
Search vendor "Cisco" for product "8812"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 7.0.12
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 7.0.12"
-
Affected
in Cisco
Search vendor "Cisco"
8818
Search vendor "Cisco" for product "8818"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.2.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.2.1"
-
Affected
in Cisco
Search vendor "Cisco"
8201
Search vendor "Cisco" for product "8201"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.2.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.2.1"
-
Affected
in Cisco
Search vendor "Cisco"
8202
Search vendor "Cisco" for product "8202"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.2.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.2.1"
-
Affected
in Cisco
Search vendor "Cisco"
8808
Search vendor "Cisco" for product "8808"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.2.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.2.1"
-
Affected
in Cisco
Search vendor "Cisco"
8812
Search vendor "Cisco" for product "8812"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.2.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.2.1"
-
Affected
in Cisco
Search vendor "Cisco"
8818
Search vendor "Cisco" for product "8818"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 6.6.3
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3"
-
Affected
in Cisco
Search vendor "Cisco"
Ios Xrv 9000
Search vendor "Cisco" for product "Ios Xrv 9000"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 6.6.3
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 540
Search vendor "Cisco" for product "Ncs 540"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 6.6.3
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5501
Search vendor "Cisco" for product "Ncs 5501"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 6.6.3
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5501-se
Search vendor "Cisco" for product "Ncs 5501-se"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 6.6.3
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5502
Search vendor "Cisco" for product "Ncs 5502"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 6.6.3
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5502-se
Search vendor "Cisco" for product "Ncs 5502-se"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 6.6.3
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5508
Search vendor "Cisco" for product "Ncs 5508"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 6.6.3
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5516
Search vendor "Cisco" for product "Ncs 5516"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 6.6.3
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 560
Search vendor "Cisco" for product "Ncs 560"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 6.6.3
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 6000
Search vendor "Cisco" for product "Ncs 6000"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 6.6.3
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.6.3"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 6008
Search vendor "Cisco" for product "Ncs 6008"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.0.0 < 7.0.2
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2"
-
Affected
in Cisco
Search vendor "Cisco"
Ios Xrv 9000
Search vendor "Cisco" for product "Ios Xrv 9000"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.0.0 < 7.0.2
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 540
Search vendor "Cisco" for product "Ncs 540"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.0.0 < 7.0.2
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5501
Search vendor "Cisco" for product "Ncs 5501"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.0.0 < 7.0.2
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5501-se
Search vendor "Cisco" for product "Ncs 5501-se"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.0.0 < 7.0.2
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5502
Search vendor "Cisco" for product "Ncs 5502"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.0.0 < 7.0.2
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5502-se
Search vendor "Cisco" for product "Ncs 5502-se"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.0.0 < 7.0.2
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5508
Search vendor "Cisco" for product "Ncs 5508"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.0.0 < 7.0.2
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5516
Search vendor "Cisco" for product "Ncs 5516"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.0.0 < 7.0.2
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 560
Search vendor "Cisco" for product "Ncs 560"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.0.0 < 7.0.2
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 6000
Search vendor "Cisco" for product "Ncs 6000"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.0.0 < 7.0.2
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.0.0 < 7.0.2"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 6008
Search vendor "Cisco" for product "Ncs 6008"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.1.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1"
-
Affected
in Cisco
Search vendor "Cisco"
Ios Xrv 9000
Search vendor "Cisco" for product "Ios Xrv 9000"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.1.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 540
Search vendor "Cisco" for product "Ncs 540"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.1.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5501
Search vendor "Cisco" for product "Ncs 5501"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.1.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5501-se
Search vendor "Cisco" for product "Ncs 5501-se"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.1.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5502
Search vendor "Cisco" for product "Ncs 5502"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.1.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5502-se
Search vendor "Cisco" for product "Ncs 5502-se"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.1.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5508
Search vendor "Cisco" for product "Ncs 5508"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.1.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 5516
Search vendor "Cisco" for product "Ncs 5516"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.1.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 560
Search vendor "Cisco" for product "Ncs 560"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.1.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 6000
Search vendor "Cisco" for product "Ncs 6000"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 7.1.0 < 7.1.1
Search vendor "Cisco" for product "Ios Xr" and version " >= 7.1.0 < 7.1.1"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 6008
Search vendor "Cisco" for product "Ncs 6008"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 6.5.29
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.5.29"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 4009
Search vendor "Cisco" for product "Ncs 4009"
--
Safe
Cisco
Search vendor "Cisco"
Ios Xr
Search vendor "Cisco" for product "Ios Xr"
>= 5.0.0 < 6.5.29
Search vendor "Cisco" for product "Ios Xr" and version " >= 5.0.0 < 6.5.29"
-
Affected
in Cisco
Search vendor "Cisco"
Ncs 4016
Search vendor "Cisco" for product "Ncs 4016"
--
Safe