Lucene search

CiscoCVE-2020-3530

HistorySep 04, 2020 - 3:15 a.m.

CVE-2020-3530

2020-09-0403:15:10

CWE-264

CWE-863

cisco

web.nvd.nist.gov

cisco

ios xr software

vulnerability

task group assignment

cli

cve-2020-3530

nvd

CVSS2

5.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:P/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to execute that command, even though administrative privileges should be required. The attacker must have valid credentials on the affected device. The vulnerability is due to incorrect mapping in the source code of task group assignments for a specific command. An attacker could exploit this vulnerability by issuing the command, which they should not be authorized to issue, on an affected device. A successful exploit could allow the attacker to invalidate the integrity of the disk and cause the device to restart. This vulnerability could allow a user with read permissions to issue a specific command that should require Administrator privileges.

Affected configurations

Nvd

Node

ciscoios_xrRange<7.1.2

AND

ciscoasr_9000vMatch-

ciscoasr_9001Match-

ciscoasr_9006Match-

ciscoasr_9010Match-

ciscoasr_9901Match-

ciscoasr_9904Match-

ciscoasr_9906Match-

ciscoasr_9910Match-

ciscoasr_9912Match-

ciscoasr_9922Match-

cisconcs_1001Match-

cisconcs_1002Match-

cisconcs_1004Match-

cisconcs_5001Match-

cisconcs_5002Match-

cisconcs_5011Match-

cisconcs_5501Match-

cisconcs_5501-seMatch-

cisconcs_5502Match-

cisconcs_5502-seMatch-

cisconcs_5508Match-

cisconcs_5516Match-

VendorProductVersionCPE
ciscoios_xr*cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
ciscoasr_9000v-cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*
ciscoasr_9001-cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*
ciscoasr_9006-cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*
ciscoasr_9010-cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*
ciscoasr_9901-cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*
ciscoasr_9904-cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*
ciscoasr_9906-cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*
ciscoasr_9910-cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*
ciscoasr_9912-cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xr	*	cpe:2.3:o:cisco:ios_xr::::::::
cisco	asr_9000v	-	cpe:2.3:h:cisco:asr_9000v:-:::::::*
cisco	asr_9001	-	cpe:2.3:h:cisco:asr_9001:-:::::::*
cisco	asr_9006	-	cpe:2.3:h:cisco:asr_9006:-:::::::*
cisco	asr_9010	-	cpe:2.3:h:cisco:asr_9010:-:::::::*
cisco	asr_9901	-	cpe:2.3:h:cisco:asr_9901:-:::::::*
cisco	asr_9904	-	cpe:2.3:h:cisco:asr_9904:-:::::::*
cisco	asr_9906	-	cpe:2.3:h:cisco:asr_9906:-:::::::*
cisco	asr_9910	-	cpe:2.3:h:cisco:asr_9910:-:::::::*
cisco	asr_9912	-	cpe:2.3:h:cisco:asr_9912:-:::::::*

Rows per page:

1-10 of 231

CNA Affected

[
  {
    "product": "Cisco IOS XR Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sDVEmhqv

CVSS2

5.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:P/A:C

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2020-3530