Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-3530
HistorySep 04, 2020 - 3:15 a.m.

CVE-2020-3530

2020-09-0403:15:10
CWE-264
CWE-863
[email protected]
web.nvd.nist.gov
28
cisco
ios xr software
vulnerability
task group assignment
cli
cve-2020-3530
nvd

5.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:P/A:C

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges.

Affected configurations

NVD
Node
ciscoios_xrRange<7.1.2
AND
ciscoasr_9000vMatch-
OR
ciscoasr_9001Match-
OR
ciscoasr_9006Match-
OR
ciscoasr_9010Match-
OR
ciscoasr_9901Match-
OR
ciscoasr_9904Match-
OR
ciscoasr_9906Match-
OR
ciscoasr_9910Match-
OR
ciscoasr_9912Match-
OR
ciscoasr_9922Match-
OR
cisconcs_1001Match-
OR
cisconcs_1002Match-
OR
cisconcs_1004Match-
OR
cisconcs_5001Match-
OR
cisconcs_5002Match-
OR
cisconcs_5011Match-
OR
cisconcs_5501Match-
OR
cisconcs_5501-seMatch-
OR
cisconcs_5502Match-
OR
cisconcs_5502-seMatch-
OR
cisconcs_5508Match-
OR
cisconcs_5516Match-
CPENameOperatorVersion
cisco:ios_xrcisco ios xrlt7.1.2

CNA Affected

[
  {
    "product": "Cisco IOS XR Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Related

cisco 1
nessus 1
nvd 1
cvelist 1
prion 1
cisco
cisco
Cisco IOS XR Authenticated User Privilege Escalation Vulnerability
2020-09-02 16:00:00
nessus
nessus
Cisco IOS XR Authenticated User Privilege Escalation (cisco-sa-iosxr-cli-privescl-sDVEmhqv)
2020-09-25 00:00:00
nvd
nvd
CVE-2020-3530
2020-09-04 03:15:10
cvelist
cvelist
CVE-2020-3530 Cisco IOS XR Authenticated User Privilege Escalation Vulnerability
2020-09-02 00:00:00
prion
prion
Command injection
2020-09-04 03:15:00

5.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:P/A:C

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVE-2020-3530
cisco1nessus1nvd1cvelist1prion1