CVE-2020-3284

Name of the Vulnerable Software and Affected Versions Cisco IOS XR 64-bit Software (affected versions not specified)

Description A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a software image are not properly verified. An attacker could exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one, or by impersonating the PXE boot server and sending a PXE boot reply with a malicious file. A successful exploit could allow the attacker to execute unsigned code on the affected device.

Recommendations To fix this vulnerability, both the Cisco IOS XR Software and the BIOS must be upgraded. The BIOS code is included in Cisco IOS XR Software but might require additional installation steps. For further information, see the Fixed Software section of the advisory. As a temporary workaround, consider restricting access to the PXE boot server to minimize the risk of exploitation. Avoid using the PXE boot process until the issue is resolved.