CVE-2024-20320
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-20320
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权授予不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco IOS XR 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco IOS XR是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS XR 存在安全漏洞,该漏洞源于对 SSH 客户端 CLI 命令中包含的参数验证不充分,可能允许经过身份验证的本地攻击者在受影响的设备上提升root权限,以下产品和版本受到影响:8000 Series Routers、IOS XRd Control Plane、IOS XRd vRouter、NCS 540 Series Routers that are running the NCS540L ima
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software | 7.2.1 | - |
II. Public POCs for CVE-2024-20320
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-20320
请登录查看更多情报信息。
Same Patch Batch · Cisco · 2024-03-13 · 8 CVEs total
| CVE-2024-20318 | 7.4 HIGH | Cisco IOS XR 安全漏洞 |
| CVE-2024-20327 | 7.4 HIGH | Cisco ASR 9000 安全漏洞 |
| CVE-2024-20262 | 6.5 MEDIUM | Cisco IOS XR 安全漏洞 |
| CVE-2024-20315 | 5.8 MEDIUM | Cisco IOS XR 安全漏洞 |
| CVE-2024-20322 | 5.8 MEDIUM | Cisco IOS XR 安全漏洞 |
| CVE-2024-20266 | 5.3 MEDIUM | Cisco IOS XR Software 安全漏洞 |
| CVE-2024-20319 | 4.3 MEDIUM | Cisco IOS XR 安全漏洞 |
IV. Related Vulnerabilities
Same product: Cisco IOS XR Software
- CVE-2026-20118
Cisco IOS-XR NCS 5500 and NCS 5700 Egress Packet Network Int - CVE-2026-20046
Cisco IOS XR Software CLI Privilege Escalation Vulnerability - CVE-2026-20074
Cisco IOS XR Software Multi-Instance Intermediate System-to- - CVE-2026-20040
Cisco IOS XR Software CLI Privilege Escalation Vulnerability - CVE-2025-20340
Cisco IOS XR Address Resolution Protocol Broadcast Storm Vul
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-266
- CVE-2026-8148
NAVER MYBOX Explorer for Windows 安全漏洞 - CVE-2026-43510
CISA manage.get.gov insecure portfolio administrative privil - CVE-2026-43535
OpenClaw < 2026.4.14 - Authorization Context Reuse in Collec - CVE-2026-42368
GeoVision LPC2011/LPC2211 Web Interface privilege escalation - CVE-2026-22337
WordPress Directorist Social Login plugin < 2.1.4 - Privileg
V. Comments for CVE-2024-20320
No comments yet