{"containers": {"cna": {"affected": [{"product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-09-02T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "CWE-264", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-04T02:26:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200902 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN"}], "source": {"advisory": "cisco-sa-iosxr-LJtNFjeN", "defect": [["CSCvs12604"]], "discovery": "INTERNAL"}, "title": "Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-09-02T16:00:00", "ID": "CVE-2020-3473", "STATE": "PUBLIC", "TITLE": "Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS XR Software", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "7.8", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-264"}]}]}, "references": {"reference_data": [{"name": "20200902 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN"}]}, "source": {"advisory": "cisco-sa-iosxr-LJtNFjeN", "defect": [["CSCvs12604"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:37:54.202Z"}, "title": "CVE Program Container", "references": [{"name": "20200902 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-13T17:18:08.322105Z", "id": "CVE-2020-3473", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T18:07:53.806Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3473", "datePublished": "2020-09-04T02:26:01.429734Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-13T18:07:53.806Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "matchCriteriaId": "50097B5A-98AC-4790-AB45-FB5B5118D3F8", "versionEndExcluding": "7.0.12", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDFFC1A3-D76E-4CF9-97F8-D45493CFF949", "versionEndExcluding": "7.2.1", "versionStartIncluding": "7.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*", "matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*", "matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*", "matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB5520C5-0DD6-4633-B0CB-E6B17C1976D7", "versionEndExcluding": "6.6.3", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "matchCriteriaId": "00AFC058-2750-4A6F-B321-DF159214FCA5", "versionEndExcluding": "7.0.2", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "matchCriteriaId": "97D588E3-03D6-4872-A376-A54708FC7EDD", "versionEndExcluding": "7.1.1", "versionStartIncluding": "7.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ios_xrv_9000:-:*:*:*:*:*:*:*", "matchCriteriaId": "EEE98C3E-67E2-43A3-AEA9-1575F2B93A78", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*", "matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*", "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*", "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*", "matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*", "matchCriteriaId": "61AF653C-DCD4-4B20-A555-71120F9A5BB9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BA67FD7-DDA0-45E0-B172-3278BD48CC4E", "versionEndExcluding": "6.5.29", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*", "matchCriteriaId": "F40E779D-5865-4E4B-AE2D-CF1860BA19E2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*", "matchCriteriaId": "DC6A867F-E809-4CB5-82DB-2670CB0A6359", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks."}, {"lang": "es", "value": "Una vulnerabilidad en la asignaci\u00f3n de grupos de tareas para un comando de la CLI espec\u00edfico en Cisco IOS XR Software, podr\u00eda permitir a un usuario del shell de la CLI local autenticado elevar privilegios y obtener el control administrativo total del dispositivo. La vulnerabilidad es debido a una asignaci\u00f3n incorrecta de un comando para grupos de tareas dentro del c\u00f3digo fuente. Un atacante podr\u00eda explotar esta vulnerabilidad si se autentica primero en el shell de la CLI local en el dispositivo y usando el comando de la CLI para omitir las comprobaciones group\u2013based de tareas. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante elevar los privilegios y llevar a cabo acciones en el dispositivo sin comprobaciones de autorizaci\u00f3n"}], "id": "CVE-2020-3473", "lastModified": "2024-11-21T05:31:08.433", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-04T03:15:10.277", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}