Lucene search
CiscoCVE-2024-20343HistorySep 11, 2024 - 5:15 p.m.
CVE-2024-20343
2024-09-1117:15:12
CWE-284
cisco
web.nvd.nist.gov
27
cisco ios xr
vulnerability
authenticated
attacker
linux
file system
cli command
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.6%
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device.
This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system.
Affected configurations
Node
ciscoios_xr_softwareMatch6.5.3
ORciscoios_xr_softwareMatch6.6.1
ORciscoios_xr_softwareMatch6.5.2
ORciscoios_xr_softwareMatch6.5.92
ORciscoios_xr_softwareMatch6.5.1
ORciscoios_xr_softwareMatch6.5.15
ORciscoios_xr_softwareMatch6.6.2
ORciscoios_xr_softwareMatch7.0.1
ORciscoios_xr_softwareMatch6.6.25
ORciscoios_xr_softwareMatch6.6.11
ORciscoios_xr_softwareMatch6.5.93
ORciscoios_xr_softwareMatch6.6.12
ORciscoios_xr_softwareMatch7.0.0
ORciscoios_xr_softwareMatch7.1.1
ORciscoios_xr_softwareMatch7.0.90
ORciscoios_xr_softwareMatch6.6.3
ORciscoios_xr_softwareMatch7.0.2
ORciscoios_xr_softwareMatch7.1.15
ORciscoios_xr_softwareMatch7.2.0
ORciscoios_xr_softwareMatch7.2.1
ORciscoios_xr_softwareMatch7.1.2
ORciscoios_xr_softwareMatch7.0.11
ORciscoios_xr_softwareMatch7.0.12
ORciscoios_xr_softwareMatch7.0.14
ORciscoios_xr_softwareMatch7.1.25
ORciscoios_xr_softwareMatch6.6.4
ORciscoios_xr_softwareMatch7.2.12
ORciscoios_xr_softwareMatch7.3.1
ORciscoios_xr_softwareMatch7.1.3
ORciscoios_xr_softwareMatch7.4.1
ORciscoios_xr_softwareMatch7.2.2
ORciscoios_xr_softwareMatch7.3.15
ORciscoios_xr_softwareMatch7.3.16
ORciscoios_xr_softwareMatch7.4.15
ORciscoios_xr_softwareMatch7.3.2
ORciscoios_xr_softwareMatch7.5.1
ORciscoios_xr_softwareMatch7.4.16
ORciscoios_xr_softwareMatch7.3.27
ORciscoios_xr_softwareMatch7.6.1
ORciscoios_xr_softwareMatch7.5.2
ORciscoios_xr_softwareMatch7.8.1
ORciscoios_xr_softwareMatch7.6.15
ORciscoios_xr_softwareMatch7.5.12
ORciscoios_xr_softwareMatch7.8.12
ORciscoios_xr_softwareMatch7.3.3
ORciscoios_xr_softwareMatch7.7.1
ORciscoios_xr_softwareMatch7.3.4
ORciscoios_xr_softwareMatch7.4.2
ORciscoios_xr_softwareMatch7.6.2
ORciscoios_xr_softwareMatch7.5.3
ORciscoios_xr_softwareMatch7.7.2
ORciscoios_xr_softwareMatch7.9.1
ORciscoios_xr_softwareMatch7.10.1
ORciscoios_xr_softwareMatch7.8.2
ORciscoios_xr_softwareMatch7.5.4
ORciscoios_xr_softwareMatch7.8.22
ORciscoios_xr_softwareMatch7.7.21
ORciscoios_xr_softwareMatch7.9.2
ORciscoios_xr_softwareMatch7.3.5
ORciscoios_xr_softwareMatch7.5.5
ORciscoios_xr_softwareMatch7.11.1
ORciscoios_xr_softwareMatch7.9.21
ORciscoios_xr_softwareMatch7.10.2
ORciscoios_xr_softwareMatch24.1.1
ORciscoios_xr_softwareMatch7.3.6
ORciscoios_xr_softwareMatch7.5.52
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | ios_xr_software | 6.5.3 | cpe:2.3:o:cisco:ios_xr_software:6.5.3:*:*:*:*:*:*:* |
| cisco | ios_xr_software | 6.6.1 | cpe:2.3:o:cisco:ios_xr_software:6.6.1:*:*:*:*:*:*:* |
| cisco | ios_xr_software | 6.5.2 | cpe:2.3:o:cisco:ios_xr_software:6.5.2:*:*:*:*:*:*:* |
| cisco | ios_xr_software | 6.5.92 | cpe:2.3:o:cisco:ios_xr_software:6.5.92:*:*:*:*:*:*:* |
| cisco | ios_xr_software | 6.5.1 | cpe:2.3:o:cisco:ios_xr_software:6.5.1:*:*:*:*:*:*:* |
| cisco | ios_xr_software | 6.5.15 | cpe:2.3:o:cisco:ios_xr_software:6.5.15:*:*:*:*:*:*:* |
| cisco | ios_xr_software | 6.6.2 | cpe:2.3:o:cisco:ios_xr_software:6.6.2:*:*:*:*:*:*:* |
| cisco | ios_xr_software | 7.0.1 | cpe:2.3:o:cisco:ios_xr_software:7.0.1:*:*:*:*:*:*:* |
| cisco | ios_xr_software | 6.6.25 | cpe:2.3:o:cisco:ios_xr_software:6.6.25:*:*:*:*:*:*:* |
| cisco | ios_xr_software | 6.6.11 | cpe:2.3:o:cisco:ios_xr_software:6.6.11:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Cisco",
"product": "Cisco IOS XR Software",
"versions": [
{
"version": "6.5.3",
"status": "affected"
},
{
"version": "6.6.1",
"status": "affected"
},
{
"version": "6.5.2",
"status": "affected"
},
{
"version": "6.5.92",
"status": "affected"
},
{
"version": "6.5.1",
"status": "affected"
},
{
"version": "6.5.15",
"status": "affected"
},
{
"version": "6.6.2",
"status": "affected"
},
{
"version": "7.0.1",
"status": "affected"
},
{
"version": "6.6.25",
"status": "affected"
},
{
"version": "6.6.11",
"status": "affected"
},
{
"version": "6.5.93",
"status": "affected"
},
{
"version": "6.6.12",
"status": "affected"
},
{
"version": "7.0.0",
"status": "affected"
},
{
"version": "7.1.1",
"status": "affected"
},
{
"version": "7.0.90",
"status": "affected"
},
{
"version": "6.6.3",
"status": "affected"
},
{
"version": "7.0.2",
"status": "affected"
},
{
"version": "7.1.15",
"status": "affected"
},
{
"version": "7.2.0",
"status": "affected"
},
{
"version": "7.2.1",
"status": "affected"
},
{
"version": "7.1.2",
"status": "affected"
},
{
"version": "7.0.11",
"status": "affected"
},
{
"version": "7.0.12",
"status": "affected"
},
{
"version": "7.0.14",
"status": "affected"
},
{
"version": "7.1.25",
"status": "affected"
},
{
"version": "6.6.4",
"status": "affected"
},
{
"version": "7.2.12",
"status": "affected"
},
{
"version": "7.3.1",
"status": "affected"
},
{
"version": "7.1.3",
"status": "affected"
},
{
"version": "7.4.1",
"status": "affected"
},
{
"version": "7.2.2",
"status": "affected"
},
{
"version": "7.3.15",
"status": "affected"
},
{
"version": "7.3.16",
"status": "affected"
},
{
"version": "7.4.15",
"status": "affected"
},
{
"version": "7.3.2",
"status": "affected"
},
{
"version": "7.5.1",
"status": "affected"
},
{
"version": "7.4.16",
"status": "affected"
},
{
"version": "7.3.27",
"status": "affected"
},
{
"version": "7.6.1",
"status": "affected"
},
{
"version": "7.5.2",
"status": "affected"
},
{
"version": "7.8.1",
"status": "affected"
},
{
"version": "7.6.15",
"status": "affected"
},
{
"version": "7.5.12",
"status": "affected"
},
{
"version": "7.8.12",
"status": "affected"
},
{
"version": "7.3.3",
"status": "affected"
},
{
"version": "7.7.1",
"status": "affected"
},
{
"version": "7.3.4",
"status": "affected"
},
{
"version": "7.4.2",
"status": "affected"
},
{
"version": "7.6.2",
"status": "affected"
},
{
"version": "7.5.3",
"status": "affected"
},
{
"version": "7.7.2",
"status": "affected"
},
{
"version": "7.9.1",
"status": "affected"
},
{
"version": "7.10.1",
"status": "affected"
},
{
"version": "7.8.2",
"status": "affected"
},
{
"version": "7.5.4",
"status": "affected"
},
{
"version": "7.8.22",
"status": "affected"
},
{
"version": "7.7.21",
"status": "affected"
},
{
"version": "7.9.2",
"status": "affected"
},
{
"version": "7.3.5",
"status": "affected"
},
{
"version": "7.5.5",
"status": "affected"
},
{
"version": "7.11.1",
"status": "affected"
},
{
"version": "7.9.21",
"status": "affected"
},
{
"version": "7.10.2",
"status": "affected"
},
{
"version": "24.1.1",
"status": "affected"
},
{
"version": "7.3.6",
"status": "affected"
},
{
"version": "7.5.52",
"status": "affected"
}
],
"defaultStatus": "unknown"
}
]Related
nvd
nvd
CVE-2024-20343
2024-09-11 17:15:12
vulnrichment
vulnrichment
CVE-2024-20343 Cisco IOS XR Software CLI Arbitrary File Read Vulnerability
2024-09-11 16:38:06
cisco
cisco
Cisco IOS XR Software CLI Arbitrary File Read Vulnerability
2024-09-11 16:00:00
cvelist
cvelist
CVE-2024-20343 Cisco IOS XR Software CLI Arbitrary File Read Vulnerability
2024-09-11 16:38:06
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.6%
Related for CVE-2024-20343