HIGH · 7.8

CVE-2020-3473

Vulnerability Description

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor   Product          Versions
Cisco    IOS XR           >= 5.0.0, < 7.0.12
Cisco    8201             -
Cisco    8202             -
Cisco    8808             -
Cisco    8812             -
Cisco    8818             -
Cisco    IOS XRv 9000     -
Cisco    NCS 540          -
Cisco    NCS 5501         -
Cisco    NCS 5501-SE      -
Cisco    NCS 5502         -
Cisco    NCS 5502-SE      -
Cisco    NCS 5508         -
Cisco    NCS 5516         -
Cisco    NCS 560          -
Cisco    NCS 6000         -
Cisco    NCS 6008         -
Cisco    NCS 4009         -
Cisco    NCS 4016         -

A "-" in the Versions column means no version range is recorded for that hardware platform; the platforms are listed because they run IOS XR, and the IOS XR software version range above is the operative check.
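The only version constraint this page records is the IOS XR software range (>= 5.0.0 and < 7.0.12), so the practical exposure check is to read the running software version and compare it against that range. The script below is an added example, not code from this page or from Cisco: it extracts the version from text in the shape of IOS XR `show version` output and classifies it. The sample outputs are constructed for the example, and the regular expression is an assumption about the "Cisco IOS XR Software, Version X.Y.Z" line; the comparison treats 7.0.12 as the first release outside the affected range, which is exactly what the table above states and nothing more.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected IOS XR range as recorded on this page for CVE-2020-3473.
AFFECTED_MIN: Version = (5, 0, 0)   # inclusive lower bound
FIXED_FROM: Version = (7, 0, 12)    # exclusive upper bound: 7.0.12 and later are outside the range

# Assumption: the version line looks like "Cisco IOS XR Software, Version 6.6.3..."
# Trailing decorations such as "[Default]" or " LNT" are ignored because only the
# three numeric components are captured.
_VERSION_RE = re.compile(r"Cisco IOS XR Software,\s*Version\s+(\d+)\.(\d+)\.(\d+)")


def parse_iosxr_version(show_version_output: str) -> Optional[Version]:
    """Return the (major, minor, patch) tuple from show-version text, or None if absent."""
    match = _VERSION_RE.search(show_version_output)
    if match is None:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True when the version falls inside [5.0.0, 7.0.12).

    Tuple comparison is lexicographic, so 7.0.9 < 7.0.12 correctly, which a naive
    string comparison ("7.0.9" > "7.0.12") would get wrong.
    """
    return AFFECTED_MIN <= version < FIXED_FROM


def assess(show_version_output: str) -> str:
    """Classify one device's show-version text as 'affected', 'not affected' or 'unknown'."""
    version = parse_iosxr_version(show_version_output)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "not affected"


# Constructed sample inputs (not captured from real devices).
SAMPLES = {
    "ncs-5501-a": "Cisco IOS XR Software, Version 6.6.3[Default]\nCopyright (c) 2013-2019 by Cisco Systems, Inc.\n",
    "ncs-540-b": "Cisco IOS XR Software, Version 7.0.12 LNT\n",
    "ncs-6000-c": "Cisco IOS XR Software, Version 7.0.9\n",
    "legacy-d": "Cisco IOS XR Software, Version 4.3.2\n",
    "switch-e": "Cisco IOS Software, Version 15.2(4)E\n",   # not IOS XR at all
}


def assess_all(samples=SAMPLES) -> dict:
    """Run assess() over a name -> show-version mapping and return name -> verdict."""
    return {name: assess(text) for name, text in samples.items()}


if __name__ == "__main__":
    for name, verdict in assess_all().items():
        print(f"{name:12s} {verdict}")
```

The "unknown" verdict is deliberate: a device whose version line does not parse should surface for manual review rather than silently count as not affected. Note that the range recorded here is a database summary; the vendor's own advisory is the authority for which specific releases carry the fix.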

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-3473?

CVE-2020-3473 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The root cause is an incorrect mapping of the command to task groups in the source code, so an attacker who already has CLI shell access can use that command to bypass the task group-based authorization checks.

How severe is CVE-2020-3473?

CVE-2020-3473 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3473?

Cisco IOS XR Software releases from 5.0.0 up to but not including 7.0.12 are listed as affected, so 7.0.12 is the first release outside the affected range recorded on this page. Consult the vendor advisory for the authoritative list of fixed releases. Affected products include Cisco IOS XR and the hardware platforms listed above (Cisco 8201, 8202, 8808, 8812, 8818, IOS XRv 9000, and the NCS 540, 560, 4000, 5500 and 6000 series devices).