The vulnerability in the implementation of the NETCONF protocol for Cisco IOS XE allows a attacker to elevate their privileges to the root level.

🗓️ 10 Apr 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 4 Views

A vulnerability in Cisco IOS XE NETCONF implementation allows root privilege escalation due to an incomplete input data blacklist.

Reporter	Title	Published	Views	Family All 12
Cisco	Cisco IOS XE Software Privilege Escalation Vulnerability	27 Mar 202416:00	–	cisco
Tenable Nessus	Cisco IOS XE Software Privilege Escalation (cisco-sa-iosxe-priv-esc-seAx6NLX)	15 Apr 202400:00	–	nessus
CNNVD	Cisco IOS XE Software 安全漏洞	27 Mar 202400:00	–	cnnvd
CVE	CVE-2024-20278	27 Mar 202416:59	–	cve
Cvelist	CVE-2024-20278	27 Mar 202416:59	–	cvelist
EUVD	EUVD-2024-17993	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Cisco products	28 Mar 202400:00	–	ncsc
NVD	CVE-2024-20278	27 Mar 202417:15	–	nvd
OSV	CVE-2024-20278	27 Mar 202417:15	–	osv
Positive Technologies	PT-2024-2707 · Cisco · Cisco Ios Xe	27 Mar 202400:00	–	ptsecurity

Vulners

Node

cisco_systems cisco_ios_xeMatch17.6

OR

cisco_systems cisco_ios_xeMatch17.6.1

OR

cisco_systems cisco_ios_xeMatch17.9.1

OR

cisco_systems cisco_ios_xeMatch17.9.1a

OR

cisco_systems cisco_ios_xeMatch17.9.1w

OR

cisco_systems cisco_ios_xeMatch17.10

OR

cisco_systems cisco_ios_xeMatch17.11

OR

cisco_systems cisco_ios_xeMatch17.11.1

OR

cisco_systems cisco_ios_xeMatch17.11.1a

OR

cisco_systems cisco_ios_xeMatch17.12

OR

cisco_systems cisco_ios_xeMatch17.12.1

OR

cisco_systems cisco_ios_xeMatch17.12.1w

OR

cisco_systems cisco_ios_xeMatch17.12.1a

OR

cisco_systems cisco_ios_xeMatch17.11sw

OR

cisco_systems cisco_ios_xeMatch17.11.99sw

OR

cisco_systems cisco_ios_xeMatch17.10.1

OR

cisco_systems cisco_ios_xeMatch17.10.1a

OR

cisco_systems cisco_ios_xeMatch17.10.1b

OR

cisco_systems cisco_ios_xeMatch17.8

OR

cisco_systems cisco_ios_xeMatch17.8.1

OR

cisco_systems cisco_ios_xeMatch17.9

OR

cisco_systems cisco_ios_xeMatch17.9.2

OR

cisco_systems cisco_ios_xeMatch17.9.3

OR

cisco_systems cisco_ios_xeMatch17.9.4

OR

cisco_systems cisco_ios_xeMatch17.9.4a

OR

cisco_systems cisco_ios_xeMatch17.7

OR

cisco_systems cisco_ios_xeMatch17.7.1

OR

cisco_systems cisco_ios_xeMatch17.6.5a

OR

cisco_systems cisco_ios_xeMatch17.6.6a

OR

cisco_systems cisco_ios_xeMatch17.6.6

OR

cisco_systems cisco_ios_xeMatch17.6.2

OR

cisco_systems cisco_ios_xeMatch17.6.3

OR

cisco_systems cisco_ios_xeMatch17.6.4

OR

cisco_systems cisco_ios_xeMatch17.6.5

OR

cisco_systems cisco_ios_xeMatch17.6.1a

OR

cisco_systems cisco_ios_xeMatch17.6.3a

OR

cisco_systems cisco_ios_xeMatch17.7.1a

OR

cisco_systems cisco_ios_xeMatch17.7.1b

OR

cisco_systems cisco_ios_xeMatch17.7.2

OR

cisco_systems cisco_ios_xeMatch17.8.1a

OR

cisco_systems cisco_ios_xeMatch17.9.2a

OR

cisco_systems cisco_ios_xeMatch17.9.3a

OR

cisco_systems cisco_ios_xeMatch17.6.1w

OR

cisco_systems cisco_ios_xeMatch17.6.1x

OR

cisco_systems cisco_ios_xeMatch17.6.1y

OR

cisco_systems cisco_ios_xeMatch17.6.1z

OR

cisco_systems cisco_ios_xeMatch17.6.1z1

OR

cisco_systems cisco_ios_xeMatch17.9.1x

OR

cisco_systems cisco_ios_xeMatch17.9.1x1

OR

cisco_systems cisco_ios_xeMatch17.9.1y1

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-seAx6NLX
web	www.web.nvd.nist.gov/view/vuln/detail

10 Apr 2024 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 36.5

CVSS 28.5

EPSS0.00546

Cisco IOS XE NETCONF vulnerability Privilege escalation Input data processing Root access