Cisco IOS XR Software CLI Privilege Escalation (cisco-sa-iosxr-privesc-bF8D5U4W) (CVE-2026-20046)

high Nessus Plugin ID 302175

Language:

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco IOS XR is affected by a vulnerability.

- A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged account could exploit this vulnerability by using the CLI command to bypass the task group-based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on an affected device without authorization checks. (CVE-2026-20046)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwp87543

Plugin Details

Severity: High

ID: 302175

File Name: cisco-sa-iosxr-privesc-bF8D5U4W-iosxr-2.nasl

Version: 1.1

Type: combined

Family: CISCO

Published: 3/13/2026

Updated: 3/13/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-20046

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:cisco:ios_xr

Required KB Items: Host/Cisco/IOS-XR/Version

Patch Publication Date: 3/11/2026

Vulnerability Publication Date: 3/11/2026

Reference Information

CVE: CVE-2026-20046

CISCO-SA: cisco-sa-iosxr-privesc-bF8D5U4W

IAVA: 2026-A-0242

CISCO-BUG-ID: CSCwp87543

Detections

Analytics