"A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. CVE-2026-20040 exists because user arguments passed to specific CLI commands are not sufficiently validated, allowing a low-privileged attacker to supply crafted commands at the prompt."
"CVE-2026-20046 impacts the task group assignment for a specific CLI command and exists because the command is incorrectly mapped to task groups within the source code. This allows an unprivileged attacker to bypass the task group-based checks via CLI commands to elevate their privileges to administrator and perform actions without authorization checks."
"Insufficient input validation of ingress IS-IS packets could allow an unauthenticated, adjacent attacker to send crafted packets to a vulnerable device to cause the IS-IS process to restart, thus causing a denial-of-service (DoS) condition."
Cisco published its semiannual IOS XR software security advisory bundle containing three advisories addressing four high-severity vulnerabilities. CVE-2026-20040 and CVE-2026-20046 (CVSS 8.8) are the most critical, allowing attackers to execute arbitrary commands as root or gain administrative control. CVE-2026-20040 results from insufficient validation of user arguments in CLI commands, enabling low-privileged attackers to escalate to root. CVE-2026-20046 stems from incorrect task group mapping, allowing unprivileged users to bypass authorization checks. CVE-2026-20074 (CVSS 7.4) affects IS-IS routing and enables denial-of-service attacks through crafted packets. CVE-2026-20118 (CVSS 6.8) impacts EPNI Aligner interrupt handling, causing packet loss and DoS conditions during heavy traffic.
#cisco-ios-xr-security #privilege-escalation-vulnerabilities #denial-of-service-attacks #cli-command-validation
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]