PT-2022-6954 · Cisco · Cisco IOS XR

Published: 2022-10-27 · Updated: 2024-01-25 · CVE-2023-20236

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco IOS XR (affected versions not specified)

Description

The issue is related to insufficient image verification in the iPXE boot function of Cisco IOS XR software. This could allow an authenticated, local attacker to install an unverified software image on an affected device by manipulating the boot parameters for image verification during the iPXE boot process. A successful exploit could allow the attacker to boot an unverified software image on the affected device.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficient Verification of Data Authenticity
Improper Verification of Cryptographic Signature

Related Identifiers

BDU:2023-05807
CVE-2023-20236

Affected Products

Cisco IOS XR