Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2024-20343

Published: Sep 11, 2024 | Modified: Oct 07, 2024
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-20343
CWEhttps://cwe.mitre.org/data/definitions/.html

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device.

This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system.

Affected Software

Name Vendor Start Version End Version
Ios_xr Cisco 6.5.1 (including) 6.5.1 (including)
Ios_xr Cisco 6.5.2 (including) 6.5.2 (including)
Ios_xr Cisco 6.5.3 (including) 6.5.3 (including)
Ios_xr Cisco 6.5.15 (including) 6.5.15 (including)
Ios_xr Cisco 6.5.92 (including) 6.5.92 (including)
Ios_xr Cisco 6.5.93 (including) 6.5.93 (including)
Ios_xr Cisco 6.6.1 (including) 6.6.1 (including)
Ios_xr Cisco 6.6.2 (including) 6.6.2 (including)
Ios_xr Cisco 6.6.3 (including) 6.6.3 (including)
Ios_xr Cisco 6.6.4 (including) 6.6.4 (including)
Ios_xr Cisco 6.6.11 (including) 6.6.11 (including)
Ios_xr Cisco 6.6.12 (including) 6.6.12 (including)
Ios_xr Cisco 6.6.25 (including) 6.6.25 (including)
Ios_xr Cisco 7.0.0 (including) 7.0.0 (including)
Ios_xr Cisco 7.0.1 (including) 7.0.1 (including)
Ios_xr Cisco 7.0.2 (including) 7.0.2 (including)
Ios_xr Cisco 7.0.11 (including) 7.0.11 (including)
Ios_xr Cisco 7.0.12 (including) 7.0.12 (including)
Ios_xr Cisco 7.0.14 (including) 7.0.14 (including)
Ios_xr Cisco 7.0.90 (including) 7.0.90 (including)
Ios_xr Cisco 7.1.1 (including) 7.1.1 (including)
Ios_xr Cisco 7.1.2 (including) 7.1.2 (including)
Ios_xr Cisco 7.1.3 (including) 7.1.3 (including)
Ios_xr Cisco 7.1.15 (including) 7.1.15 (including)
Ios_xr Cisco 7.1.25 (including) 7.1.25 (including)
Ios_xr Cisco 7.2.0 (including) 7.2.0 (including)
Ios_xr Cisco 7.2.1 (including) 7.2.1 (including)
Ios_xr Cisco 7.2.2 (including) 7.2.2 (including)
Ios_xr Cisco 7.2.12 (including) 7.2.12 (including)
Ios_xr Cisco 7.3.1 (including) 7.3.1 (including)
Ios_xr Cisco 7.3.2 (including) 7.3.2 (including)
Ios_xr Cisco 7.3.3 (including) 7.3.3 (including)
Ios_xr Cisco 7.3.4 (including) 7.3.4 (including)
Ios_xr Cisco 7.3.5 (including) 7.3.5 (including)
Ios_xr Cisco 7.3.6 (including) 7.3.6 (including)
Ios_xr Cisco 7.3.15 (including) 7.3.15 (including)
Ios_xr Cisco 7.3.16 (including) 7.3.16 (including)
Ios_xr Cisco 7.3.27 (including) 7.3.27 (including)
Ios_xr Cisco 7.4.1 (including) 7.4.1 (including)
Ios_xr Cisco 7.4.2 (including) 7.4.2 (including)
Ios_xr Cisco 7.4.15 (including) 7.4.15 (including)
Ios_xr Cisco 7.4.16 (including) 7.4.16 (including)
Ios_xr Cisco 7.5.1 (including) 7.5.1 (including)
Ios_xr Cisco 7.5.2 (including) 7.5.2 (including)
Ios_xr Cisco 7.5.3 (including) 7.5.3 (including)
Ios_xr Cisco 7.5.4 (including) 7.5.4 (including)
Ios_xr Cisco 7.5.5 (including) 7.5.5 (including)
Ios_xr Cisco 7.5.12 (including) 7.5.12 (including)
Ios_xr Cisco 7.5.52 (including) 7.5.52 (including)
Ios_xr Cisco 7.6.1 (including) 7.6.1 (including)
Ios_xr Cisco 7.6.2 (including) 7.6.2 (including)
Ios_xr Cisco 7.6.15 (including) 7.6.15 (including)
Ios_xr Cisco 7.7.1 (including) 7.7.1 (including)
Ios_xr Cisco 7.7.2 (including) 7.7.2 (including)
Ios_xr Cisco 7.7.21 (including) 7.7.21 (including)
Ios_xr Cisco 7.8.1 (including) 7.8.1 (including)
Ios_xr Cisco 7.8.2 (including) 7.8.2 (including)
Ios_xr Cisco 7.8.12 (including) 7.8.12 (including)
Ios_xr Cisco 7.8.22 (including) 7.8.22 (including)
Ios_xr Cisco 7.9.1 (including) 7.9.1 (including)
Ios_xr Cisco 7.9.2 (including) 7.9.2 (including)
Ios_xr Cisco 7.9.21 (including) 7.9.21 (including)
Ios_xr Cisco 7.10.1 (including) 7.10.1 (including)
Ios_xr Cisco 7.10.2 (including) 7.10.2 (including)
Ios_xr Cisco 7.11.1 (including) 7.11.1 (including)
Ios_xr Cisco 24.1.1 (including) 24.1.1 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use