Cisco IOS XR CLI Authenticated Local File Read via Improper Argument Validation
CVE-2024-20343 Published on September 11, 2024

Cisco IOS XR Software CLI Arbitrary File Read Vulnerability
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker access files in read-only mode on the Linux file system.

NVD

Vulnerability Analysis

CVE-2024-20343 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2024-20343 has been classified to as an Authorization vulnerability or weakness.


Products Associated with CVE-2024-20343

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-20343 are published in Cisco Ios Xr:

Cisco Ios Xr
 

Affected Versions

Cisco IOS XR Software:

Exploit Probability

EPSS
0.09%
Percentile
25.39%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.