CVE-2024-20320
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-20320 is a vulnerability affecting the SSH client feature of Cisco IOS XR Software on Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers. This issue enables authenticated, local attackers to elevate privileges on affected devices through insufficient validation of arguments in SSH client CLI commands. An attacker with low-privileged access could exploit this vulnerability by issuing a specially crafted SSH client command, potentially granting them root access to the device. This flaw poses a significant risk, as elevated privileges could allow extensive control and unauthorized modifications to the affected system. Users are advised to apply the relevant software patches as soon as possible to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.