CVE-2024-20320

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Mar 13, 2024

CWE ID 266

Summary

CVE-2024-20320 is a vulnerability affecting the SSH client feature of Cisco IOS XR Software on Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers. This issue enables authenticated, local attackers to elevate privileges on affected devices through insufficient validation of arguments in SSH client CLI commands. An attacker with low-privileged access could exploit this vulnerability by issuing a specially crafted SSH client command, potentially granting them root access to the device. This flaw poses a significant risk, as elevated privileges could allow extensive control and unauthorized modifications to the affected system. Users are advised to apply the relevant software patches as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-20320 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future

Gain complete coverage of your cyber, third party, and physical attack surface
Proactively mitigate threats before they turn into costly attacks
Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database