发布日期：2020-09-02
更新日期：2020-09-24

受影响系统：

Cisco IOS XR Software > 5.0.0
Cisco IOS XR Software for 8000 Series Routers
Cisco IOS XR Software for IOS XRv 9000 Router
Cisco IOS XR Software for IOS XR, SW only
Cisco IOS XR Software for Network Convergence System 6000 Series Routers
Cisco IOS XR Software for Network Convergence System 560 Routers
Cisco IOS XR Software for Network Convergence System 5500 Series
Cisco IOS XR Software for Network Convergence System 540 Router
Cisco IOS XR Software for Network Convergence System 4000 Series

描述：

---

CVE(CAN) ID: CVE-2020-3473

Cisco IOS和Cisco IOS XR都是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。
运行Cisco IOS XR Software 5.0.0及之后版本的8000 Series Routers、IOS XRv 9000 Router、IOS XR, SW only、Network Convergence System 540 Routers、Network Convergence System 560 Routers、Network Convergence System 4000 Series、Network Convergence System 5500 Series及Network Convergence System 6000 Series Routers中的特定CLI命令的任务组分配存在权限提升漏洞。该漏洞源于命令未正确映射到源代码中的任务组。经过身份认证的本地攻击者可利用该漏洞绕过任务组的检查提升特权并获得对设备的完全管理控制权。

<*来源：Cisco
  
  链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-iosxr-LJtNFjeN）以及相应补丁:
cisco-sa-iosxr-LJtNFjeN：Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-LJtNFjeN

浏览次数：936
严重程度：0（网友投票）