发布日期：2020-09-02
更新日期：2020-09-24

受影响系统：

Cisco IOS XR Software for IOS XR, SW only
Cisco IOS XR Software for Network Convergence System 5500 Series
Cisco IOS XR Software for Network Convergence System 5000 Series
Cisco IOS XR Software for Network Convergence System 1000 Series
Cisco IOS XR Software ASR 9000 Series Aggregation Service Routers

描述：

---

CVE(CAN) ID: CVE-2020-3530

Cisco IOS和Cisco IOS XR是美国思科（Cisco）公司的一套为其网络设备开发的操作系统。
运行Cisco IOS XR Software的ASR 9000 Series Aggregation Services Routers、IOS XR, SW only、Network Convergence System 1000 Series、Network Convergence System 5000 Series和Network Convergence System 5500 Series中的特定CLI命令的任务组分配存在权限提升漏洞。该漏洞源于命令未正确映射到源代码中的任务组。经过身份认证的本地攻击者可利用该漏洞造成磁盘完整性失效并导致设备重新启动。

<*来源：Christopher York（Cisco）
  
  链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sD
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-iosxr-cli-privescl-sDVEmhqv）以及相应补丁:
cisco-sa-iosxr-cli-privescl-sDVEmhqv：Cisco IOS XR Authenticated User Privilege Escalation Vulnerability
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-cli-privescl-sD

浏览次数：912
严重程度：0（网友投票）