What is CVE-2024-20320?

CVE-2024-20320 is a high-severity vulnerability in Cisco 8011-4g24y4h-i, classified under Incorrect Privilege Assignment. CVSS score: 7.8/10. Published 2024-03-13.

How severe is CVE-2024-20320?

High severity. CVSS v3 base score is 7.8 out of 10.

Privilege escalation in Cisco 8011-4g24y4h-i

CVE-2024-20320

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileg…

EPSS: 0.002 (9.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco 8011-4g24y4h-i
Cisco 8101-32fh
Cisco 8101-32fh-o
Cisco 8101-32h-o
Cisco 8102-28fh-dpu-o
Cisco 8102-64h
Cisco 8102-64h-o
Cisco 8111-32eh-o
Cisco 8122-64ehf-o
Cisco 8122-64eh-o

Weakness classification (CWE)

CWE-266 — Incorrect Privilege Assignment

References

psirt@cisco.com (Vendor Advisory)

Frequently asked questions

What is CVE-2024-20320?: CVE-2024-20320 is a high-severity vulnerability in Cisco 8011-4g24y4h-i, classified under Incorrect Privilege Assignment. CVSS score: 7.8/10. Published 2024-03-13.
How severe is CVE-2024-20320?: High severity. CVSS v3 base score is 7.8 out of 10.