How severe is CVE-2024-20320?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2024-20320?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2024-20320 - HIGH Severity | CVSS 7.8

Vulnerability Description

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.

Related Vulnerabilities

CVE-2016-7066

HIGH

CVSS:7.8(High)

It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute...

CWE-2662016

CVE-2017-12711

HIGH

CVSS:7.8(High)

An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to e...

CWE-2662017

CVE-2019-19345

HIGH

CVSS:7.8(High)

A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediaw...

CWE-2662019

CVE-2019-19349

HIGH

CVSS:7.8(High)

An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the contain...

CWE-2662019

CVE-2019-19350

HIGH

CVSS:7.8(High)

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container co...

CWE-2662019

CVE-2019-19354

HIGH

CVSS:7.8(High)

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this fla...

CWE-2662019