Detections
Analytics
Cisco IOS XR Software CLI Privilege Escalation (cisco-sa-iosxr-privesc-bF8D5U4W)
high Nessus Plugin ID 302176
Language:
Synopsis
The remote device is missing a vendor-supplied security patchDescription
According to its self-reported version, Cisco IOS XR is affected by a vulnerability.- A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker with a low-privileged account could exploit this vulnerability by using crafted commands at the prompt. A successful exploit could allow the attacker to elevate privileges to root and execute arbitrary commands. (CVE-2026-20040)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Solution
Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwp27221, CSCwp30135, CSCwp30142, CSCwp30146, CSCwp30149, CSCwp32614, CSCwp32629, CSCwp33021, CSCwp33030, CSCwp33034, CSCwp35627, CSCwp84685, CSCws24696, CSCws24717, CSCws24740See Also
http://www.nessus.org/u?b7e33457
http://www.nessus.org/u?c7f676a2
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp27221
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp30135
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp30142
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp30146
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp30149
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp32614
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp32629
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp33021
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp33030
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp33034
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp35627
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp84685
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws24696
Plugin Details
Severity: High
ID: 302176
File Name: cisco-sa-iosxr-privesc-bF8D5U4W-iosxr.nasl
Version: 1.1
Type: combined
Family: CISCO
Published: 3/13/2026
Updated: 3/13/2026
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.3
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2026-20040
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:cisco:ios_xr
Required KB Items: Host/Cisco/IOS-XR/Version
Patch Publication Date: 3/11/2026
Vulnerability Publication Date: 3/11/2026
Reference Information
CVE: CVE-2026-20040
CISCO-SA: cisco-sa-iosxr-privesc-bF8D5U4W
IAVA: 2026-A-0242
CISCO-BUG-ID: CSCwp27221, CSCwp30135, CSCwp30142, CSCwp30146, CSCwp30149, CSCwp32614, CSCwp32629, CSCwp33021, CSCwp33030, CSCwp33034, CSCwp35627, CSCwp84685, CSCws24696, CSCws24717, CSCws24740