CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
GHSA-4CVH-X6JF-8FQ3
Vulnerability from github – Published: 2025-10-22 15:31 – Updated: 2026-01-20 15:31Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation.This issue affects Progress Planner: from n/a through <= 1.8.0.
{
"affected": [],
"aliases": [
"CVE-2025-48082"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-22T15:15:33Z",
"severity": "HIGH"
},
"details": "Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation.This issue affects Progress Planner: from n/a through \u003c= 1.8.0.",
"id": "GHSA-4cvh-x6jf-8fq3",
"modified": "2026-01-20T15:31:22Z",
"published": "2025-10-22T15:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48082"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/progress-planner/vulnerability/wordpress-progress-planner-plugin-1-8-0-privilege-escalation-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/progress-planner/vulnerability/wordpress-progress-planner-plugin-1-8-0-privilege-escalation-vulnerability"
},
{
"type": "WEB",
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/progress-planner/vulnerability/wordpress-progress-planner-plugin-1-8-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4F7R-XRWR-Q63X
Vulnerability from github – Published: 2026-03-16 15:30 – Updated: 2026-03-16 15:30A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSettings/GetQoSSettings/GetRouterInformationSettings/GetRouterLanSettings/GetWanSettings/SetAccessCtlList/SetAccessCtlSwitch/SetDeviceSettings/SetGuestWLanSettings/SetIPv4FirewallSettings/SetNetworkSettings/SetNetworkTomographySettings/SetNTPServerSettings/SetRouterLanSettings/SetStaticClientInfo/SetStaticRouteSettings/SetWLanRadioSecurity/SetWPSSettings/UpdateClientInfo of the component goahead. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
{
"affected": [],
"aliases": [
"CVE-2026-4193"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-16T14:20:02Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been detected in D-Link DIR-823G 1.0.2B05. The affected element is the function GetDDNSSettings/GetDeviceDomainName/GetDeviceSettings/GetDMZSettings/GetFirewallSettings/GetGuestNetworkSettings/GetLanWanConflictInfo/GetLocalMacAddress/GetNetworkSettings/GetQoSSettings/GetRouterInformationSettings/GetRouterLanSettings/GetWanSettings/SetAccessCtlList/SetAccessCtlSwitch/SetDeviceSettings/SetGuestWLanSettings/SetIPv4FirewallSettings/SetNetworkSettings/SetNetworkTomographySettings/SetNTPServerSettings/SetRouterLanSettings/SetStaticClientInfo/SetStaticRouteSettings/SetWLanRadioSecurity/SetWPSSettings/UpdateClientInfo of the component goahead. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.",
"id": "GHSA-4f7r-xrwr-q63x",
"modified": "2026-03-16T15:30:45Z",
"published": "2026-03-16T15:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4193"
},
{
"type": "WEB",
"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_91/91.md"
},
{
"type": "WEB",
"url": "https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_92/92.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.351105"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.351105"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.769835"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.769836"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.769837"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.769838"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.769839"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.769841"
},
{
"type": "WEB",
"url": "https://www.dlink.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4FJ4-9M67-3MJ3
Vulnerability from github – Published: 2025-03-28 18:33 – Updated: 2025-08-01 18:31Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.
{
"affected": [],
"aliases": [
"CVE-2025-2713"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-28T16:15:30Z",
"severity": "MODERATE"
},
"details": "Google gVisor\u0027s runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.",
"id": "GHSA-4fj4-9m67-3mj3",
"modified": "2025-08-01T18:31:13Z",
"published": "2025-03-28T18:33:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2713"
},
{
"type": "WEB",
"url": "https://github.com/google/gvisor/commit/586c38d70081b13b2ed494cef48e99b93956843e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4G4H-5X37-MV6J
Vulnerability from github – Published: 2025-04-28 12:30 – Updated: 2025-04-28 12:30A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects the function deleteIndex of the file novel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-4016"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-28T11:15:38Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects the function deleteIndex of the file novel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-4g4h-5x37-mv6j",
"modified": "2025-04-28T12:30:25Z",
"published": "2025-04-28T12:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4016"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.306369"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.306369"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.558375"
},
{
"type": "WEB",
"url": "https://www.cnblogs.com/aibot/p/18827506"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4H7W-HG9X-MHGQ
Vulnerability from github – Published: 2026-05-02 15:30 – Updated: 2026-05-02 15:30A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument Username results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.
{
"affected": [],
"aliases": [
"CVE-2026-7631"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-02T14:16:18Z",
"severity": "LOW"
},
"details": "A vulnerability was found in code-projects Online Hospital Management System 1.0. The impacted element is an unknown function of the component Registration Handler. The manipulation of the argument Username results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.",
"id": "GHSA-4h7w-hg9x-mhgq",
"modified": "2026-05-02T15:30:26Z",
"published": "2026-05-02T15:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7631"
},
{
"type": "WEB",
"url": "https://code-projects.org"
},
{
"type": "WEB",
"url": "https://github.com/MyMySSS/CVE123/blob/main/cve2/cve2.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/806565"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/360577"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/360577/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4HGQ-JJGJ-6JWM
Vulnerability from github – Published: 2026-05-04 00:30 – Updated: 2026-05-04 00:30A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.0.7 addresses this issue. The patch is identified as 9f50bb2c16160564c9f8777dc2ceed3eb95e4807. The affected component should be upgraded.
{
"affected": [],
"aliases": [
"CVE-2026-7713"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T00:16:40Z",
"severity": "LOW"
},
"details": "A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.0.7 addresses this issue. The patch is identified as 9f50bb2c16160564c9f8777dc2ceed3eb95e4807. The affected component should be upgraded.",
"id": "GHSA-4hgq-jjgj-6jwm",
"modified": "2026-05-04T00:30:25Z",
"published": "2026-05-04T00:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7713"
},
{
"type": "WEB",
"url": "https://github.com/crocodilestick/Calibre-Web-Automated/issues/1303"
},
{
"type": "WEB",
"url": "https://github.com/new-usemame/Calibre-Web-NextGen/pull/18"
},
{
"type": "WEB",
"url": "https://github.com/new-usemame/Calibre-Web-NextGen/commit/9f50bb2c16160564c9f8777dc2ceed3eb95e4807"
},
{
"type": "WEB",
"url": "https://gist.github.com/menelausx/ef98aa78ed2869ccaa316ff45ed1a440"
},
{
"type": "WEB",
"url": "https://github.com/crocodilestick/Calibre-Web-Automated"
},
{
"type": "WEB",
"url": "https://github.com/new-usemame/Calibre-Web-NextGen/releases/tag/v4.0.7"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/806403"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/360889"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/360889/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4HPQ-VMJJ-GHVX
Vulnerability from github – Published: 2026-06-01 18:31 – Updated: 2026-06-01 18:31A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such manipulation of the argument sid leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [],
"aliases": [
"CVE-2026-10272"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-01T17:16:43Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The impacted element is an unknown function of the file admin/deleteform.php. Such manipulation of the argument sid leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-4hpq-vmjj-ghvx",
"modified": "2026-06-01T18:31:50Z",
"published": "2026-06-01T18:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10272"
},
{
"type": "WEB",
"url": "https://github.com/a4m4/Student-Management-System--PHP-/issues/3"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-10272"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/825241"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/367551"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/367551/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4HRP-GR8R-P278
Vulnerability from github – Published: 2023-08-10 03:30 – Updated: 2024-04-04 06:46Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege.
{
"affected": [],
"aliases": [
"CVE-2023-30680"
],
"database_specific": {
"cwe_ids": [
"CWE-266",
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-10T02:15:10Z",
"severity": "HIGH"
},
"details": "Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege.",
"id": "GHSA-4hrp-gr8r-p278",
"modified": "2024-04-04T06:46:07Z",
"published": "2023-08-10T03:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30680"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=08"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4HV2-WQJX-8Q9J
Vulnerability from github – Published: 2025-09-05 18:31 – Updated: 2025-09-05 21:32A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-10013"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-05T16:15:36Z",
"severity": "MODERATE"
},
"details": "A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used.",
"id": "GHSA-4hv2-wqjx-8q9j",
"modified": "2025-09-05T21:32:37Z",
"published": "2025-09-05T18:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10013"
},
{
"type": "WEB",
"url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/Broken%20Access%20Control%20Vulnerability%20%20in%20%60exportacao-para-o-seb%60%20Endpoint.md"
},
{
"type": "WEB",
"url": "https://github.com/marcelomulder/CVE/blob/main/i-educar/CVE-2025-10013.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.322738"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.322738"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.643567"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4HV7-4C5M-8C4C
Vulnerability from github – Published: 2024-03-13 18:31 – Updated: 2024-03-13 18:31A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.
{
"affected": [],
"aliases": [
"CVE-2024-20320"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-13T17:15:48Z",
"severity": "HIGH"
},
"details": "A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. \n\n This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.",
"id": "GHSA-4hv7-4c5m-8c4c",
"modified": "2024-03-13T18:31:36Z",
"published": "2024-03-13T18:31:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20320"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.