CVE-2024-20343

CWE-284Improper Access Control4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 71.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedSep 11

Description

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A su

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_software66 versions+65
NVDcisco/ios_xr66 versions+65

🔴Vulnerability Details

2
CVEList
Cisco IOS XR Software CLI Arbitrary File Read Vulnerability2024-09-11
GHSA
GHSA-9m8x-hm95-w858: A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying2024-09-11

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software CLI Arbitrary File Read Vulnerability2024-09-11
CVE-2024-20343 (MEDIUM CVSS 5.5) | A vulnerability in the CLI of Cisco | cvebase.io