What is CVE-2024-20306?

CVE-2024-20306 is a medium-severity vulnerability in Cisco Ios Xe Software, classified under CWE-233. CVSS score: 6.0/10. Published 2024-03-27.

How severe is CVE-2024-20306?

Medium severity. CVSS v3 base score is 6.0 out of 10.

Vulnerability in Cisco Ios Xe Software

CVE-2024-20306

A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host operating system. To exploit this vuln…

EPSS: 0.000 (7.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N.

Affected products

Cisco Ios Xe Software — versions 17.10.1, 17.10.1a, 17.10.1b

Weakness classification (CWE)

CWE-233

References

cisco-sa-iosxe-utd-cmd-JbL8KvHT

Frequently asked questions

What is CVE-2024-20306?: CVE-2024-20306 is a medium-severity vulnerability in Cisco Ios Xe Software, classified under CWE-233. CVSS score: 6.0/10. Published 2024-03-27.
How severe is CVE-2024-20306?: Medium severity. CVSS v3 base score is 6.0 out of 10.