Lucene search
HistoryJun 03, 2020 - 6:15 p.m.
CVE-2020-3209
cisco
ios xe
software
vulnerability
cve-2020-3209
image verification
unsigned binaries
nvd
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.8%
A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device.
Affected configurations
Node
ciscoios_xeMatch3.2.0se
ORciscoios_xeMatch3.2.0sg
ORciscoios_xeMatch3.2.1se
ORciscoios_xeMatch3.2.1sg
ORciscoios_xeMatch3.2.2se
ORciscoios_xeMatch3.2.2sg
ORciscoios_xeMatch3.2.3se
ORciscoios_xeMatch3.2.3sg
ORciscoios_xeMatch3.2.4sg
ORciscoios_xeMatch3.2.5sg
ORciscoios_xeMatch3.2.6sg
ORciscoios_xeMatch3.2.7sg
ORciscoios_xeMatch3.2.8sg
ORciscoios_xeMatch3.2.9sg
ORciscoios_xeMatch3.2.10sg
ORciscoios_xeMatch3.2.11sg
ORciscoios_xeMatch3.3.0se
ORciscoios_xeMatch3.3.0sg
ORciscoios_xeMatch3.3.0sq
ORciscoios_xeMatch3.3.0xo
ORciscoios_xeMatch3.3.1se
ORciscoios_xeMatch3.3.1sg
ORciscoios_xeMatch3.3.1sq
ORciscoios_xeMatch3.3.1xo
ORciscoios_xeMatch3.3.2se
ORciscoios_xeMatch3.3.2sg
ORciscoios_xeMatch3.3.2xo
ORciscoios_xeMatch3.3.3se
ORciscoios_xeMatch3.3.4se
ORciscoios_xeMatch3.3.5se
ORciscoios_xeMatch3.4.0sg
ORciscoios_xeMatch3.4.0sq
ORciscoios_xeMatch3.4.1sg
ORciscoios_xeMatch3.4.1sq
ORciscoios_xeMatch3.4.2sg
ORciscoios_xeMatch3.4.3sg
ORciscoios_xeMatch3.4.4sg
ORciscoios_xeMatch3.4.5sg
ORciscoios_xeMatch3.4.6sg
ORciscoios_xeMatch3.4.7sg
ORciscoios_xeMatch3.4.8sg
ORciscoios_xeMatch3.5.0e
ORciscoios_xeMatch3.5.0sq
ORciscoios_xeMatch3.5.1e
ORciscoios_xeMatch3.5.1sq
ORciscoios_xeMatch3.5.2e
ORciscoios_xeMatch3.5.2sq
ORciscoios_xeMatch3.5.3e
ORciscoios_xeMatch3.5.3sq
ORciscoios_xeMatch3.5.4sq
ORciscoios_xeMatch3.5.5sq
ORciscoios_xeMatch3.5.6sq
ORciscoios_xeMatch3.5.7sq
ORciscoios_xeMatch3.5.8sq
ORciscoios_xeMatch3.6.0ae
ORciscoios_xeMatch3.6.0be
ORciscoios_xeMatch3.6.0e
ORciscoios_xeMatch3.6.1e
ORciscoios_xeMatch3.6.2ae
ORciscoios_xeMatch3.6.3e
ORciscoios_xeMatch3.6.4e
ORciscoios_xeMatch3.6.5ae
ORciscoios_xeMatch3.6.5be
ORciscoios_xeMatch3.6.5e
ORciscoios_xeMatch3.6.6e
ORciscoios_xeMatch3.6.7ae
ORciscoios_xeMatch3.6.7be
ORciscoios_xeMatch3.6.7e
ORciscoios_xeMatch3.6.8e
ORciscoios_xeMatch3.6.9ae
ORciscoios_xeMatch3.6.9e
ORciscoios_xeMatch3.6.10e
ORciscoios_xeMatch3.7.0bs
ORciscoios_xeMatch3.7.0e
ORciscoios_xeMatch3.7.0s
ORciscoios_xeMatch3.7.1as
ORciscoios_xeMatch3.7.1e
ORciscoios_xeMatch3.7.1s
ORciscoios_xeMatch3.7.2e
ORciscoios_xeMatch3.7.2s
ORciscoios_xeMatch3.7.2ts
ORciscoios_xeMatch3.7.3e
ORciscoios_xeMatch3.7.3s
ORciscoios_xeMatch3.7.4as
ORciscoios_xeMatch3.7.4e
ORciscoios_xeMatch3.7.4s
ORciscoios_xeMatch3.7.5e
ORciscoios_xeMatch3.7.5s
ORciscoios_xeMatch3.7.6s
ORciscoios_xeMatch3.7.7s
ORciscoios_xeMatch3.7.8s
ORciscoios_xeMatch3.8.0e
ORciscoios_xeMatch3.8.0s
ORciscoios_xeMatch3.8.1e
ORciscoios_xeMatch3.8.1s
ORciscoios_xeMatch3.8.2e
ORciscoios_xeMatch3.8.2s
ORciscoios_xeMatch3.8.3e
ORciscoios_xeMatch3.8.4e
ORciscoios_xeMatch3.8.5ae
ORciscoios_xeMatch3.8.5e
ORciscoios_xeMatch3.8.6e
ORciscoios_xeMatch3.8.7e
ORciscoios_xeMatch3.8.8e
ORciscoios_xeMatch3.8.9e
ORciscoios_xeMatch3.9.0as
ORciscoios_xeMatch3.9.0e
ORciscoios_xeMatch3.9.0s
ORciscoios_xeMatch3.9.1as
ORciscoios_xeMatch3.9.1e
ORciscoios_xeMatch3.9.1s
ORciscoios_xeMatch3.9.2be
ORciscoios_xeMatch3.9.2e
ORciscoios_xeMatch3.9.2s
ORciscoios_xeMatch3.10.0ce
ORciscoios_xeMatch3.10.0e
ORciscoios_xeMatch3.10.0s
ORciscoios_xeMatch3.10.1ae
ORciscoios_xeMatch3.10.1e
ORciscoios_xeMatch3.10.1s
ORciscoios_xeMatch3.10.1se
ORciscoios_xeMatch3.10.2as
ORciscoios_xeMatch3.10.2e
ORciscoios_xeMatch3.10.2s
ORciscoios_xeMatch3.10.2ts
ORciscoios_xeMatch3.10.3e
ORciscoios_xeMatch3.10.3s
ORciscoios_xeMatch3.10.4s
ORciscoios_xeMatch3.10.5s
ORciscoios_xeMatch3.10.6s
ORciscoios_xeMatch3.10.7s
ORciscoios_xeMatch3.10.8as
ORciscoios_xeMatch3.10.8s
ORciscoios_xeMatch3.10.9s
ORciscoios_xeMatch3.10.10s
ORciscoios_xeMatch3.11.0e
ORciscoios_xeMatch3.11.0s
ORciscoios_xeMatch3.11.1e
ORciscoios_xeMatch3.11.1s
ORciscoios_xeMatch3.11.2s
ORciscoios_xeMatch3.11.3e
ORciscoios_xeMatch3.11.3s
ORciscoios_xeMatch3.11.4s
ORciscoios_xeMatch3.12.0as
ORciscoios_xeMatch3.12.0s
ORciscoios_xeMatch3.12.1s
ORciscoios_xeMatch3.12.2s
ORciscoios_xeMatch3.12.3s
ORciscoios_xeMatch3.12.4s
ORciscoios_xeMatch3.13.0as
ORciscoios_xeMatch3.13.0s
ORciscoios_xeMatch3.13.1s
ORciscoios_xeMatch3.13.2as
ORciscoios_xeMatch3.13.2s
ORciscoios_xeMatch3.13.3s
ORciscoios_xeMatch3.13.4s
ORciscoios_xeMatch3.13.5as
ORciscoios_xeMatch3.13.5s
ORciscoios_xeMatch3.13.6as
ORciscoios_xeMatch3.13.6bs
ORciscoios_xeMatch3.13.6s
ORciscoios_xeMatch3.13.7as
ORciscoios_xeMatch3.13.7s
ORciscoios_xeMatch3.13.8s
ORciscoios_xeMatch3.13.9s
ORciscoios_xeMatch3.13.10s
ORciscoios_xeMatch3.14.0s
ORciscoios_xeMatch3.14.1s
ORciscoios_xeMatch3.14.2s
ORciscoios_xeMatch3.14.3s
ORciscoios_xeMatch3.14.4s
ORciscoios_xeMatch3.15.0s
ORciscoios_xeMatch3.15.1cs
ORciscoios_xeMatch3.15.1s
ORciscoios_xeMatch3.15.2s
ORciscoios_xeMatch3.15.3s
ORciscoios_xeMatch3.15.4s
ORciscoios_xeMatch3.16.0as
ORciscoios_xeMatch3.16.0bs
ORciscoios_xeMatch3.16.0cs
ORciscoios_xeMatch3.16.0s
ORciscoios_xeMatch3.16.1as
ORciscoios_xeMatch3.16.1s
ORciscoios_xeMatch3.16.2as
ORciscoios_xeMatch3.16.2bs
ORciscoios_xeMatch3.16.2s
ORciscoios_xeMatch3.16.3as
ORciscoios_xeMatch3.16.3s
ORciscoios_xeMatch3.16.4as
ORciscoios_xeMatch3.16.4bs
ORciscoios_xeMatch3.16.4cs
ORciscoios_xeMatch3.16.4ds
ORciscoios_xeMatch3.16.4es
ORciscoios_xeMatch3.16.4gs
ORciscoios_xeMatch3.16.4s
ORciscoios_xeMatch3.16.5as
ORciscoios_xeMatch3.16.5bs
ORciscoios_xeMatch3.16.5s
ORciscoios_xeMatch3.16.6bs
ORciscoios_xeMatch3.16.6s
ORciscoios_xeMatch3.16.7as
ORciscoios_xeMatch3.16.7bs
ORciscoios_xeMatch3.16.7s
ORciscoios_xeMatch3.16.8s
ORciscoios_xeMatch3.16.9s
ORciscoios_xeMatch3.16.10s
ORciscoios_xeMatch3.17.0s
ORciscoios_xeMatch3.17.1as
ORciscoios_xeMatch3.17.1s
ORciscoios_xeMatch3.17.2s
ORciscoios_xeMatch3.17.3s
ORciscoios_xeMatch3.17.4s
ORciscoios_xeMatch3.18.0as
ORciscoios_xeMatch3.18.0s
ORciscoios_xeMatch3.18.0sp
ORciscoios_xeMatch3.18.1asp
ORciscoios_xeMatch3.18.1bsp
ORciscoios_xeMatch3.18.1csp
ORciscoios_xeMatch3.18.1gsp
ORciscoios_xeMatch3.18.1hsp
ORciscoios_xeMatch3.18.1isp
ORciscoios_xeMatch3.18.1s
ORciscoios_xeMatch3.18.1sp
ORciscoios_xeMatch3.18.2asp
ORciscoios_xeMatch3.18.2s
ORciscoios_xeMatch3.18.2sp
ORciscoios_xeMatch3.18.3asp
ORciscoios_xeMatch3.18.3bsp
ORciscoios_xeMatch3.18.3s
ORciscoios_xeMatch3.18.3sp
ORciscoios_xeMatch3.18.4s
ORciscoios_xeMatch3.18.4sp
ORciscoios_xeMatch3.18.5sp
ORciscoios_xeMatch3.18.6sp
ORciscoios_xeMatch3.18.7sp
ORciscoios_xeMatch3.18.8sp
ORciscoios_xeMatch16.1.1
ORciscoios_xeMatch16.1.2
ORciscoios_xeMatch16.1.3
ORciscoios_xeMatch16.2.1
ORciscoios_xeMatch16.2.2
ORciscoios_xeMatch16.3.1
ORciscoios_xeMatch16.3.1a
ORciscoios_xeMatch16.3.2
ORciscoios_xeMatch16.3.3
ORciscoios_xeMatch16.3.4
ORciscoios_xeMatch16.3.5
ORciscoios_xeMatch16.3.5b
ORciscoios_xeMatch16.3.6
ORciscoios_xeMatch16.3.7
ORciscoios_xeMatch16.3.8
ORciscoios_xeMatch16.4.1
ORciscoios_xeMatch16.4.2
ORciscoios_xeMatch16.4.3
ORciscoios_xeMatch16.5.1
ORciscoios_xeMatch16.5.1a
ORciscoios_xeMatch16.5.1b
ORciscoios_xeMatch16.5.2
ORciscoios_xeMatch16.5.3
ORciscoios_xeMatch16.6.1
ORciscoios_xeMatch16.6.2
ORciscoios_xeMatch16.6.3
ORciscoios_xeMatch16.6.4
ORciscoios_xeMatch16.6.4a
ORciscoios_xeMatch16.6.4s
ORciscoios_xeMatch16.6.5
ORciscoios_xeMatch16.6.5a
ORciscoios_xeMatch16.6.5b
ORciscoios_xeMatch16.6.6
ORciscoios_xeMatch16.6.7
ORciscoios_xeMatch16.6.7a
ORciscoios_xeMatch16.7.1
ORciscoios_xeMatch16.7.1a
ORciscoios_xeMatch16.7.1b
ORciscoios_xeMatch16.7.2
ORciscoios_xeMatch16.7.3
ORciscoios_xeMatch16.7.4
ORciscoios_xeMatch16.8.1
ORciscoios_xeMatch16.8.1a
ORciscoios_xeMatch16.8.1b
ORciscoios_xeMatch16.8.1c
ORciscoios_xeMatch16.8.1d
ORciscoios_xeMatch16.8.1e
ORciscoios_xeMatch16.8.1s
ORciscoios_xeMatch16.8.2
ORciscoios_xeMatch16.8.3
ORciscoios_xeMatch16.9.1
ORciscoios_xeMatch16.9.1a
ORciscoios_xeMatch16.9.1b
ORciscoios_xeMatch16.9.1c
ORciscoios_xeMatch16.9.1d
ORciscoios_xeMatch16.9.1s
ORciscoios_xeMatch16.9.2
ORciscoios_xeMatch16.9.2a
ORciscoios_xeMatch16.9.2s
ORciscoios_xeMatch16.9.3
ORciscoios_xeMatch16.9.3h
ORciscoios_xeMatch16.9.3s
ORciscoios_xeMatch16.9.4
ORciscoios_xeMatch16.9.4c
ORciscoios_xeMatch16.10.1
ORciscoios_xeMatch16.10.1a
ORciscoios_xeMatch16.10.1b
ORciscoios_xeMatch16.10.1c
ORciscoios_xeMatch16.10.1d
ORciscoios_xeMatch16.10.1e
ORciscoios_xeMatch16.10.1f
ORciscoios_xeMatch16.10.1g
ORciscoios_xeMatch16.10.1s
ORciscoios_xeMatch16.10.2
ORciscoios_xeMatch16.11.1
ORciscoios_xeMatch16.11.1a
ORciscoios_xeMatch16.11.1b
ORciscoios_xeMatch16.12.1y
CNA Affected
[
{
"product": "Cisco IOS XE Software 3.2.0SG",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
]Related
cisco
cisco
Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability
2020-06-03 16:00:00
prion
prion
Input validation
2020-06-03 18:15:00
nvd
nvd
CVE-2020-3209
2020-06-03 18:15:18
cvelist
cvelist
nessus
nessus
ics
ics
Rockwell Automation Stratix Devices Containing Cisco IOS
2022-10-27 12:00:00
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.8%
Related for CVE-2020-3209