Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability
cisco-sa-iosxr-scp-dos-kb6sUUHw · Medium · Published · Updated
A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI commands with specific parameters. A successful exploit could allow the attacker to impact the functionality of the device, which could lead to a DoS condition. The device may need to be manually rebooted to recover. Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this vulnerability remotely. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHw This advisory is part of the March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication.
Workarounds
There are no workarounds that address this vulnerability.
However, because this vulnerability is exploitable only by a local user who invokes SCP or SFTP commands at the Cisco IOS XR CLI, customers can use authentication, authorization, and accounting (AAA) command authorization to block the scp and sftp CLI commands or to allow the scp and sftp commands to be used only by trusted users. For more information, see the "Enabling AAA Authorization" section of Configuring AAA Services on Cisco IOS XR Software https://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.8/security/configuration/guide/sc38aaa_ps5845_TSD_Products_Configuration_Guide_Chapter.html#wp1085179 . As noted above, this vulnerability is exploitable remotely by a user with administrative privileges.
While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
| CVEs | CVE-2024-20262 |
|---|---|
| Cisco Bug IDs | CSCwf11720 |
| CVSS Score | Base 6.5 Base 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X |
| Product Names From Source | Cisco IOS XR Software |
Related Products
| Product | CVE | Evidence |
|---|