CVE-2020-3473 : A vulnerability in task group assignment for a specific CLI command in Cisco IOS

A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local CLI shell user to elevate privileges and gain full administrative control of the device. The vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker could exploit this vulnerability by first authenticating to the local CLI shell on the device and using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on the device without authorization checks.

Published 2020-09-04 03:15:10

Updated 2020-09-09 19:50:56

Source Cisco Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2020-3473

Cisco » Ios Xr
Versions from including (>=) 7.0.0 and before (<) 7.0.2
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Ios Xrv 9000 » Version: N/A
When used together with: Cisco » Ncs 540 » Version: N/A
When used together with: Cisco » Ncs 5501 » Version: N/A
When used together with: Cisco » Ncs 5501-se » Version: N/A
When used together with: Cisco » Ncs 5502 » Version: N/A
When used together with: Cisco » Ncs 5502-se » Version: N/A
When used together with: Cisco » Ncs 5508 » Version: N/A
When used together with: Cisco » Ncs 5516 » Version: N/A
When used together with: Cisco » Ncs 560 » Version: N/A
When used together with: Cisco » Ncs 6000 » Version: N/A
When used together with: Cisco » Ncs 6008 » Version: N/A
Cisco » Ios Xr
Versions from including (>=) 5.0.0 and before (<) 6.5.29
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Ncs 4009 » Version: N/A
When used together with: Cisco » Ncs 4016 » Version: N/A
Cisco » Ios Xr
Versions from including (>=) 5.0.0 and before (<) 7.0.12
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » 8201 » Version: N/A
When used together with: Cisco » 8202 » Version: N/A
When used together with: Cisco » 8808 » Version: N/A
When used together with: Cisco » 8812 » Version: N/A
When used together with: Cisco » 8818 » Version: N/A
Cisco » Ios Xr
Versions from including (>=) 7.1.0 and before (<) 7.1.1
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Ios Xrv 9000 » Version: N/A
When used together with: Cisco » Ncs 540 » Version: N/A
When used together with: Cisco » Ncs 5501 » Version: N/A
When used together with: Cisco » Ncs 5501-se » Version: N/A
When used together with: Cisco » Ncs 5502 » Version: N/A
When used together with: Cisco » Ncs 5502-se » Version: N/A
When used together with: Cisco » Ncs 5508 » Version: N/A
When used together with: Cisco » Ncs 5516 » Version: N/A
When used together with: Cisco » Ncs 560 » Version: N/A
When used together with: Cisco » Ncs 6000 » Version: N/A
When used together with: Cisco » Ncs 6008 » Version: N/A
Cisco » Ios Xr
Versions from including (>=) 7.1.0 and before (<) 7.2.1
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » 8201 » Version: N/A
When used together with: Cisco » 8202 » Version: N/A
When used together with: Cisco » 8808 » Version: N/A
When used together with: Cisco » 8812 » Version: N/A
When used together with: Cisco » 8818 » Version: N/A
Cisco » Ios Xr
Versions from including (>=) 5.0.0 and before (<) 6.6.3
cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Ios Xrv 9000 » Version: N/A
When used together with: Cisco » Ncs 540 » Version: N/A
When used together with: Cisco » Ncs 5501 » Version: N/A
When used together with: Cisco » Ncs 5501-se » Version: N/A
When used together with: Cisco » Ncs 5502 » Version: N/A
When used together with: Cisco » Ncs 5502-se » Version: N/A
When used together with: Cisco » Ncs 5508 » Version: N/A
When used together with: Cisco » Ncs 5516 » Version: N/A
When used together with: Cisco » Ncs 560 » Version: N/A
When used together with: Cisco » Ncs 6000 » Version: N/A
When used together with: Cisco » Ncs 6008 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-3473

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-3473

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	Cisco Systems, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-3473

CWE-264

Assigned by: ykramarz@cisco.com (Secondary)
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-3473

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN

Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-3473

Products affected by CVE-2020-3473

Exploit prediction scoring system (EPSS) score for CVE-2020-3473

CVSS scores for CVE-2020-3473

CWE ids for CVE-2020-3473

References for CVE-2020-3473