CVE-2024-20320 - Vulnerability Details

Description

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device.

This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.

Published: 2024-03-13

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco IOS XR Software

affected

Version	Status	Constraints
`7.2.1`	affected	—
`7.2.2`	affected	—
`7.3.1`	affected	—
`7.3.15`	affected	—
`7.3.2`	affected	—
`7.3.3`	affected	—
`7.3.5`	affected	—
`7.4.1`	affected	—
`7.4.2`	affected	—
`7.5.1`	affected	—
`7.5.3`	affected	—
`7.5.2`	affected	—
`7.5.4`	affected	—
`7.5.5`	affected	—
`7.6.1`	affected	—
`7.6.2`	affected	—
`7.7.1`	affected	—
`7.7.2`	affected	—
`7.7.21`	affected	—
`7.8.1`	affected	—
`7.8.2`	affected	—
`7.9.1`	affected	—
`7.9.2`	affected	—
`7.9.21`	affected	—
`7.10.1`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ios_xr:7.2.1:::::::*
	cpe:2.3:o:cisco:ios_xr:7.2.2:::::::*
	cpe:2.3:o:cisco:ios_xr:7.3.1:::::::*
	cpe:2.3:o:cisco:ios_xr:7.3.2:::::::*
	cpe:2.3:o:cisco:ios_xr:7.3.3:::::::*
	cpe:2.3:o:cisco:ios_xr:7.3.5:::::::*
	cpe:2.3:o:cisco:ios_xr:7.3.15:::::::*
	cpe:2.3:o:cisco:ios_xr:7.4.1:::::::*
	cpe:2.3:o:cisco:ios_xr:7.4.2:::::::*
	cpe:2.3:o:cisco:ios_xr:7.5.1:::::::*
	cpe:2.3:o:cisco:ios_xr:7.5.2:::::::*
	cpe:2.3:o:cisco:ios_xr:7.5.3:::::::*
	cpe:2.3:o:cisco:ios_xr:7.5.4:::::::*
	cpe:2.3:o:cisco:ios_xr:7.5.5:::::::*
	cpe:2.3:o:cisco:ios_xr:7.6.1:::::::*
	cpe:2.3:o:cisco:ios_xr:7.6.2:::::::*
	cpe:2.3:o:cisco:ios_xr:7.7.1:::::::*
	cpe:2.3:o:cisco:ios_xr:7.7.2:::::::*
	cpe:2.3:o:cisco:ios_xr:7.7.21:::::::*
	cpe:2.3:o:cisco:ios_xr:7.8.1:::::::*
	cpe:2.3:o:cisco:ios_xr:7.8.2:::::::*
	cpe:2.3:o:cisco:ios_xr:7.9.1:::::::*
	cpe:2.3:o:cisco:ios_xr:7.9.2:::::::*
	cpe:2.3:o:cisco:ios_xr:7.9.21:::::::*
	cpe:2.3:o:cisco:ios_xr:7.10.1:::::::*

OR	cpe:2.3:a:cisco:ios_xrd_control_plane::::::::
	cpe:2.3:a:cisco:ios_xrd_vrouter::::::::
	cpe:2.3:h:cisco:8011-4g24y4h-i:-:::::::*
	cpe:2.3:h:cisco:8101-32fh:-:::::::*
	cpe:2.3:h:cisco:8101-32fh-o:-:::::::*
	cpe:2.3:h:cisco:8101-32h-o:-:::::::*
	cpe:2.3:h:cisco:8102-28fh-dpu-o:-:::::::*
	cpe:2.3:h:cisco:8102-64h:-:::::::*
	cpe:2.3:h:cisco:8102-64h-o:-:::::::*
	cpe:2.3:h:cisco:8111-32eh-o:-:::::::*
	cpe:2.3:h:cisco:8122-64eh-o:-:::::::*
	cpe:2.3:h:cisco:8122-64ehf-o:-:::::::*
	cpe:2.3:h:cisco:8201:-:::::::*
	cpe:2.3:h:cisco:8201-24h8fh:-:::::::*
	cpe:2.3:h:cisco:8201-32fh:-:::::::*
	cpe:2.3:h:cisco:8201-32fh-o:-:::::::*
	cpe:2.3:h:cisco:8202:-:::::::*
	cpe:2.3:h:cisco:8202-32fh-m:-:::::::*
	cpe:2.3:h:cisco:8212-48fh-m:-:::::::*
	cpe:2.3:h:cisco:8404:-:::::::*
	cpe:2.3:h:cisco:8501-sys-mt:-:::::::*
	cpe:2.3:h:cisco:8608:-:::::::*
	cpe:2.3:h:cisco:8700:-:::::::*
	cpe:2.3:h:cisco:8711-32fh-m:-:::::::*
	cpe:2.3:h:cisco:8712-mod-m:-:::::::*
	cpe:2.3:h:cisco:8804:-:::::::*
	cpe:2.3:h:cisco:8808:-:::::::*
	cpe:2.3:h:cisco:8812:-:::::::*
	cpe:2.3:h:cisco:8818:-:::::::*
	cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540-acc-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540-fh-agg:-:::::::*
	cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:::::::*
	cpe:2.3:h:cisco:ncs_540x-acc-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:::::::*
	cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:::::::*

No data.

Vendor	Product	Confidence	Versions
Cisco	Ios Xr Software	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-18035	A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00071.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3

History

Tue, 05 Aug 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco 8011-4g24y4h-i Cisco 8101-32fh Cisco 8101-32fh-o Cisco 8101-32h-o Cisco 8102-28fh-dpu-o Cisco 8102-64h Cisco 8102-64h-o Cisco 8111-32eh-o Cisco 8122-64eh-o Cisco 8122-64ehf-o Cisco 8201 Cisco 8201-24h8fh Cisco 8201-32fh Cisco 8201-32fh-o Cisco 8202 Cisco 8202-32fh-m Cisco 8212-48fh-m Cisco 8404 Cisco 8501-sys-mt Cisco 8608 Cisco 8700 Cisco 8711-32fh-m Cisco 8712-mod-m Cisco 8804 Cisco 8808 Cisco 8812 Cisco 8818 Cisco ios Xr Cisco ios Xrd Control Plane Cisco ios Xrd Vrouter Cisco ncs 540-12z20g-sys-a Cisco ncs 540-12z20g-sys-d Cisco ncs 540-24q2c2dd-sys Cisco ncs 540-24q8l2dd-sys Cisco ncs 540-24z8q2c-sys Cisco ncs 540-28z4c-sys-a Cisco ncs 540-28z4c-sys-d Cisco ncs 540-6z14s-sys-d Cisco ncs 540-6z18g-sys-a Cisco ncs 540-6z18g-sys-d Cisco ncs 540-acc-sys Cisco ncs 540-fh-agg Cisco ncs 540-fh-csr-sys Cisco ncs 540x-12z16g-sys-a Cisco ncs 540x-12z16g-sys-d Cisco ncs 540x-16z4g8q2c-a Cisco ncs 540x-16z4g8q2c-d Cisco ncs 540x-16z8q2c-d Cisco ncs 540x-4z14g2q-a Cisco ncs 540x-4z14g2q-d Cisco ncs 540x-6z18g-sys-a Cisco ncs 540x-6z18g-sys-d Cisco ncs 540x-8z16g-sys-a Cisco ncs 540x-8z16g-sys-d Cisco ncs 540x-acc-sys Cisco ncs 57b1-5dse-sys Cisco ncs 57b1-6d24-sys Cisco ncs 57c1-48q6-sys
CPEs		cpe:2.3:a:cisco:ios_xrd_control_plane:::::::: cpe:2.3:a:cisco:ios_xrd_vrouter:::::::: cpe:2.3:h:cisco:8011-4g24y4h-i:-:::::::* cpe:2.3:h:cisco:8101-32fh-o:-:::::::* cpe:2.3:h:cisco:8101-32fh:-:::::::* cpe:2.3:h:cisco:8101-32h-o:-:::::::* cpe:2.3:h:cisco:8102-28fh-dpu-o:-:::::::* cpe:2.3:h:cisco:8102-64h-o:-:::::::* cpe:2.3:h:cisco:8102-64h:-:::::::* cpe:2.3:h:cisco:8111-32eh-o:-:::::::* cpe:2.3:h:cisco:8122-64eh-o:-:::::::* cpe:2.3:h:cisco:8122-64ehf-o:-:::::::* cpe:2.3:h:cisco:8201-24h8fh:-:::::::* cpe:2.3:h:cisco:8201-32fh-o:-:::::::* cpe:2.3:h:cisco:8201-32fh:-:::::::* cpe:2.3:h:cisco:8201:-:::::::* cpe:2.3:h:cisco:8202-32fh-m:-:::::::* cpe:2.3:h:cisco:8202:-:::::::* cpe:2.3:h:cisco:8212-48fh-m:-:::::::* cpe:2.3:h:cisco:8404:-:::::::* cpe:2.3:h:cisco:8501-sys-mt:-:::::::* cpe:2.3:h:cisco:8608:-:::::::* cpe:2.3:h:cisco:8700:-:::::::* cpe:2.3:h:cisco:8711-32fh-m:-:::::::* cpe:2.3:h:cisco:8712-mod-m:-:::::::* cpe:2.3:h:cisco:8804:-:::::::* cpe:2.3:h:cisco:8808:-:::::::* cpe:2.3:h:cisco:8812:-:::::::* cpe:2.3:h:cisco:8818:-:::::::* cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:::::::* cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:::::::* cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:::::::* cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540-acc-sys:-:::::::* cpe:2.3:h:cisco:ncs_540-fh-agg:-:::::::* cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:::::::* cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:::::::* cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:::::::* cpe:2.3:h:cisco:ncs_540x-acc-sys:-:::::::* cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:::::::* cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:::::::* cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:::::::* cpe:2.3:o:cisco:ios_xr:7.10.1:::::::* cpe:2.3:o:cisco:ios_xr:7.2.1:::::::* cpe:2.3:o:cisco:ios_xr:7.2.2:::::::* cpe:2.3:o:cisco:ios_xr:7.3.15:::::::* cpe:2.3:o:cisco:ios_xr:7.3.1:::::::* cpe:2.3:o:cisco:ios_xr:7.3.2:::::::* cpe:2.3:o:cisco:ios_xr:7.3.3:::::::* cpe:2.3:o:cisco:ios_xr:7.3.5:::::::* cpe:2.3:o:cisco:ios_xr:7.4.1:::::::* cpe:2.3:o:cisco:ios_xr:7.4.2:::::::* cpe:2.3:o:cisco:ios_xr:7.5.1:::::::* cpe:2.3:o:cisco:ios_xr:7.5.2:::::::* cpe:2.3:o:cisco:ios_xr:7.5.3:::::::* cpe:2.3:o:cisco:ios_xr:7.5.4:::::::* cpe:2.3:o:cisco:ios_xr:7.5.5:::::::* cpe:2.3:o:cisco:ios_xr:7.6.1:::::::* cpe:2.3:o:cisco:ios_xr:7.6.2:::::::* cpe:2.3:o:cisco:ios_xr:7.7.1:::::::* cpe:2.3:o:cisco:ios_xr:7.7.21:::::::* cpe:2.3:o:cisco:ios_xr:7.7.2:::::::* cpe:2.3:o:cisco:ios_xr:7.8.1:::::::* cpe:2.3:o:cisco:ios_xr:7.8.2:::::::* cpe:2.3:o:cisco:ios_xr:7.9.1:::::::* cpe:2.3:o:cisco:ios_xr:7.9.21:::::::* cpe:2.3:o:cisco:ios_xr:7.9.2:::::::*
Vendors & Products		Cisco 8011-4g24y4h-i Cisco 8101-32fh Cisco 8101-32fh-o Cisco 8101-32h-o Cisco 8102-28fh-dpu-o Cisco 8102-64h Cisco 8102-64h-o Cisco 8111-32eh-o Cisco 8122-64eh-o Cisco 8122-64ehf-o Cisco 8201 Cisco 8201-24h8fh Cisco 8201-32fh Cisco 8201-32fh-o Cisco 8202 Cisco 8202-32fh-m Cisco 8212-48fh-m Cisco 8404 Cisco 8501-sys-mt Cisco 8608 Cisco 8700 Cisco 8711-32fh-m Cisco 8712-mod-m Cisco 8804 Cisco 8808 Cisco 8812 Cisco 8818 Cisco ios Xr Cisco ios Xrd Control Plane Cisco ios Xrd Vrouter Cisco ncs 540-12z20g-sys-a Cisco ncs 540-12z20g-sys-d Cisco ncs 540-24q2c2dd-sys Cisco ncs 540-24q8l2dd-sys Cisco ncs 540-24z8q2c-sys Cisco ncs 540-28z4c-sys-a Cisco ncs 540-28z4c-sys-d Cisco ncs 540-6z14s-sys-d Cisco ncs 540-6z18g-sys-a Cisco ncs 540-6z18g-sys-d Cisco ncs 540-acc-sys Cisco ncs 540-fh-agg Cisco ncs 540-fh-csr-sys Cisco ncs 540x-12z16g-sys-a Cisco ncs 540x-12z16g-sys-d Cisco ncs 540x-16z4g8q2c-a Cisco ncs 540x-16z4g8q2c-d Cisco ncs 540x-16z8q2c-d Cisco ncs 540x-4z14g2q-a Cisco ncs 540x-4z14g2q-d Cisco ncs 540x-6z18g-sys-a Cisco ncs 540x-6z18g-sys-d Cisco ncs 540x-8z16g-sys-a Cisco ncs 540x-8z16g-sys-d Cisco ncs 540x-acc-sys Cisco ncs 57b1-5dse-sys Cisco ncs 57b1-6d24-sys Cisco ncs 57c1-48q6-sys

Subscriptions

Cisco 8011-4g24y4h-i 8101-32fh 8101-32fh-o 8101-32h-o 8102-28fh-dpu-o 8102-64h 8102-64h-o 8111-32eh-o 8122-64eh-o 8122-64ehf-o 8201 8201-24h8fh 8201-32fh 8201-32fh-o 8202 8202-32fh-m 8212-48fh-m 8404 8501-sys-mt 8608 8700 8711-32fh-m 8712-mod-m 8804 8808 8812 8818 Ios Xr Ios Xr Software Ios Xrd Control Plane Ios Xrd Vrouter Ncs 540-12z20g-sys-a Ncs 540-12z20g-sys-d Ncs 540-24q2c2dd-sys Ncs 540-24q8l2dd-sys Ncs 540-24z8q2c-sys Ncs 540-28z4c-sys-a Ncs 540-28z4c-sys-d Ncs 540-6z14s-sys-d Ncs 540-6z18g-sys-a Ncs 540-6z18g-sys-d Ncs 540-acc-sys Ncs 540-fh-agg Ncs 540-fh-csr-sys Ncs 540x-12z16g-sys-a Ncs 540x-12z16g-sys-d Ncs 540x-16z4g8q2c-a Ncs 540x-16z4g8q2c-d Ncs 540x-16z8q2c-d Ncs 540x-4z14g2q-a Ncs 540x-4z14g2q-d Ncs 540x-6z18g-sys-a Ncs 540x-6z18g-sys-d Ncs 540x-8z16g-sys-a Ncs 540x-8z16g-sys-d Ncs 540x-acc-sys Ncs 57b1-5dse-sys Ncs 57b1-6d24-sys Ncs 57c1-48q6-sys

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-03-13T16:41:52.488Z

Updated: 2024-08-16T18:53:02.009Z

Reserved: 2023-11-08T15:08:07.632Z

Link: CVE-2024-20320

Vulnrichment

Updated: 2024-08-01T21:59:42.846Z

NVD

Status : Analyzed

Published: 2024-03-13T17:15:48.193

Modified: 2025-08-05T14:40:07.707

Link: CVE-2024-20320

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-12T22:15:43Z

Weaknesses

CWE-266

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object