PT-2026-24729 · Cisco · Ios Xr
Publicado
2026-03-11
·
Atualizado
2026-03-13
·
CVE-2026-20046
CVSS v3.1
8.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco IOS XR Software (affected versions not specified)
Description
A flaw exists in the task group assignment for a specific Command Line Interface (CLI) command within the software. This could allow an authenticated, local attacker to gain administrative control of a device. The issue stems from an incorrect mapping of a command to task groups in the source code. An attacker with limited privileges can bypass task group-based checks by using the CLI command, potentially elevating their privileges and performing unauthorized actions.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
LPE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ios Xr