1. Home
  2. CVE Database
  3. CVE-2024-20320
HIGH · 7.8

CVE-2024-20320

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authentica...

Vulnerability Description

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoIos Xr7.2.1
CiscoIos Xrd Control PlaneAll versions
CiscoIos Xrd VrouterAll versions
Cisco8011-4G24Y4H-I-
Cisco8101-32Fh-
Cisco8101-32Fh-O-
Cisco8101-32H-O-
Cisco8102-28Fh-Dpu-O-
Cisco8102-64H-
Cisco8102-64H-O-
Cisco8111-32Eh-O-
Cisco8122-64Eh-O-
Cisco8122-64Ehf-O-
Cisco8201-
Cisco8201-24H8Fh-
Cisco8201-32Fh-
Cisco8201-32Fh-O-
Cisco8202-
Cisco8202-32Fh-M-
Cisco8212-48Fh-M-

Related Weaknesses (CWE)

CWE-266

References

FAQ

What is CVE-2024-20320?

CVE-2024-20320 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authentica...

How severe is CVE-2024-20320?

CVE-2024-20320 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-20320?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xr, Cisco Ios Xrd Control Plane, Cisco Ios Xrd Vrouter, Cisco 8011-4G24Y4H-I, Cisco 8101-32Fh.