Flawed task group assignment for specific CLI commands in Cisco IOS XR allows local authenticated users to elevate their privileges to full administrative control.

The vulnerability is located within the task group assignment logic for a specific CLI command. An authenticated, local attacker can exploit this logic flaw to bypass intended permission restrictions and gain unauthorized administrative rights.

The ability for a low-privileged user to elevate to full administrative control poses a severe threat to network security. An attacker could reconfigure the entire network backbone, disable security features, or cause prolonged service outages. The CVSS score of 8.8 underscores the critical nature of this privilege escalation, which effectively negates internal access controls.

Immediate Action: Install the latest software maintenance updates from Cisco to correct the task group assignment logic and prevent unauthorized privilege elevation.

Proactive Monitoring: Audit user task group assignments and review command execution logs for any unauthorized use of administrative-level commands by non-admin accounts.

Compensating Controls: Use external TACACS+ or RADIUS servers to strictly enforce command-level authorization and provide a centralized audit trail of all user actions.

Public Exploit Available: false

Elevating privileges to administrative levels allows an attacker to bypass almost all security boundaries on the device. It is imperative that administrators apply the relevant Cisco updates immediately. Until patching is complete, perform a comprehensive review of all local user permissions and task group memberships to ensure no accounts have been granted excessive rights.