History: Mar 27, 2024 - 5:15 p.m.

CVE-2024-20278

2024-03-27 17:15:51
CWE-184
cisco
web.nvd.nist.gov
cisco ios xe
authenticated remote attacker
privilege elevation
improper input validation
netconf
nvd

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score: 6.8
Confidence: Low

EPSS: 0
Percentile: 9.0%

A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device.

This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input over NETCONF to an affected device. A successful exploit could allow the attacker to elevate privileges from Administrator to root.

Affected configurations

Vulners
Node
cisco cisco_ios_xe_software Match 17.6.1
OR
cisco cisco_ios_xe_software Match 17.6.2
OR
cisco cisco_ios_xe_software Match 17.6.1w
OR
cisco cisco_ios_xe_software Match 17.6.1a
OR
cisco cisco_ios_xe_software Match 17.6.1x
OR
cisco cisco_ios_xe_software Match 17.6.3
OR
cisco cisco_ios_xe_software Match 17.6.1y
OR
cisco cisco_ios_xe_software Match 17.6.1z
OR
cisco cisco_ios_xe_software Match 17.6.3a
OR
cisco cisco_ios_xe_software Match 17.6.4
OR
cisco cisco_ios_xe_software Match 17.6.1z1
OR
cisco cisco_ios_xe_software Match 17.6.5
OR
cisco cisco_ios_xe_software Match 17.6.6
OR
cisco cisco_ios_xe_software Match 17.6.6a
OR
cisco cisco_ios_xe_software Match 17.6.5a
OR
cisco cisco_ios_xe_software Match 17.7.1
OR
cisco cisco_ios_xe_software Match 17.7.1a
OR
cisco cisco_ios_xe_software Match 17.7.1b
OR
cisco cisco_ios_xe_software Match 17.7.2
OR
cisco cisco_ios_xe_software Match 17.10.1
OR
cisco cisco_ios_xe_software Match 17.10.1a
OR
cisco cisco_ios_xe_software Match 17.10.1b
OR
cisco cisco_ios_xe_software Match 17.8.1
OR
cisco cisco_ios_xe_software Match 17.8.1a
OR
cisco cisco_ios_xe_software Match 17.9.1
OR
cisco cisco_ios_xe_software Match 17.9.1w
OR
cisco cisco_ios_xe_software Match 17.9.2
OR
cisco cisco_ios_xe_software Match 17.9.1a
OR
cisco cisco_ios_xe_software Match 17.9.1x
OR
cisco cisco_ios_xe_software Match 17.9.1y
OR
cisco cisco_ios_xe_software Match 17.9.3
OR
cisco cisco_ios_xe_software Match 17.9.2a
OR
cisco cisco_ios_xe_software Match 17.9.1x1
OR
cisco cisco_ios_xe_software Match 17.9.3a
OR
cisco cisco_ios_xe_software Match 17.9.4
OR
cisco cisco_ios_xe_software Match 17.9.1y1
OR
cisco cisco_ios_xe_software Match 17.9.4a
OR
cisco cisco_ios_xe_software Match 17.11.1
OR
cisco cisco_ios_xe_software Match 17.11.1a
OR
cisco cisco_ios_xe_software Match 17.12.1
OR
cisco cisco_ios_xe_software Match 17.12.1w
OR
cisco cisco_ios_xe_software Match 17.12.1a
OR
cisco cisco_ios_xe_software Match 17.11.99sw

| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | cisco_ios_xe_software | 17.6.1 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.6.1:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.6.2 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.6.2:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.6.1w | cpe:2.3:a:cisco:cisco_ios_xe_software:17.6.1w:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.6.1a | cpe:2.3:a:cisco:cisco_ios_xe_software:17.6.1a:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.6.1x | cpe:2.3:a:cisco:cisco_ios_xe_software:17.6.1x:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.6.3 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.6.3:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.6.1y | cpe:2.3:a:cisco:cisco_ios_xe_software:17.6.1y:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.6.1z | cpe:2.3:a:cisco:cisco_ios_xe_software:17.6.1z:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.6.3a | cpe:2.3:a:cisco:cisco_ios_xe_software:17.6.3a:*:*:*:*:*:*:* |
| cisco | cisco_ios_xe_software | 17.6.4 | cpe:2.3:a:cisco:cisco_ios_xe_software:17.6.4:*:*:*:*:*:*:* |

Rows 1-10 of 431

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco IOS XE Software",
    "versions": [
      {
        "version": "17.6.1",
        "status": "affected"
      },
      {
        "version": "17.6.2",
        "status": "affected"
      },
      {
        "version": "17.6.1w",
        "status": "affected"
      },
      {
        "version": "17.6.1a",
        "status": "affected"
      },
      {
        "version": "17.6.1x",
        "status": "affected"
      },
      {
        "version": "17.6.3",
        "status": "affected"
      },
      {
        "version": "17.6.1y",
        "status": "affected"
      },
      {
        "version": "17.6.1z",
        "status": "affected"
      },
      {
        "version": "17.6.3a",
        "status": "affected"
      },
      {
        "version": "17.6.4",
        "status": "affected"
      },
      {
        "version": "17.6.1z1",
        "status": "affected"
      },
      {
        "version": "17.6.5",
        "status": "affected"
      },
      {
        "version": "17.6.6",
        "status": "affected"
      },
      {
        "version": "17.6.6a",
        "status": "affected"
      },
      {
        "version": "17.6.5a",
        "status": "affected"
      },
      {
        "version": "17.7.1",
        "status": "affected"
      },
      {
        "version": "17.7.1a",
        "status": "affected"
      },
      {
        "version": "17.7.1b",
        "status": "affected"
      },
      {
        "version": "17.7.2",
        "status": "affected"
      },
      {
        "version": "17.10.1",
        "status": "affected"
      },
      {
        "version": "17.10.1a",
        "status": "affected"
      },
      {
        "version": "17.10.1b",
        "status": "affected"
      },
      {
        "version": "17.8.1",
        "status": "affected"
      },
      {
        "version": "17.8.1a",
        "status": "affected"
      },
      {
        "version": "17.9.1",
        "status": "affected"
      },
      {
        "version": "17.9.1w",
        "status": "affected"
      },
      {
        "version": "17.9.2",
        "status": "affected"
      },
      {
        "version": "17.9.1a",
        "status": "affected"
      },
      {
        "version": "17.9.1x",
        "status": "affected"
      },
      {
        "version": "17.9.1y",
        "status": "affected"
      },
      {
        "version": "17.9.3",
        "status": "affected"
      },
      {
        "version": "17.9.2a",
        "status": "affected"
      },
      {
        "version": "17.9.1x1",
        "status": "affected"
      },
      {
        "version": "17.9.3a",
        "status": "affected"
      },
      {
        "version": "17.9.4",
        "status": "affected"
      },
      {
        "version": "17.9.1y1",
        "status": "affected"
      },
      {
        "version": "17.9.4a",
        "status": "affected"
      },
      {
        "version": "17.11.1",
        "status": "affected"
      },
      {
        "version": "17.11.1a",
        "status": "affected"
      },
      {
        "version": "17.12.1",
        "status": "affected"
      },
      {
        "version": "17.12.1w",
        "status": "affected"
      },
      {
        "version": "17.12.1a",
        "status": "affected"
      },
      {
        "version": "17.11.99SW",
        "status": "affected"
      }
    ]
  }
]
