History: Mar 09, 2023 - 10:15 p.m.

CVE-2023-20064

2023-03-09 22:15:52
CWE-862
web.nvd.nist.gov
Tags: cve-2023-20064, vulnerability, grub, cisco, ios xr, unauthorized access, physical access, bootloader, command line

CVSS3: 4.6 Medium

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 4.8 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 23.1%)

A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.

Affected configurations

NVD
Node
  cisco ios_xr, Range <7.9.1
  AND one of (OR):
    cisco asr_9000v-v2, Match -, x64
    cisco asr_9001, Match -, x64
    cisco asr_9006, Match -, x64
    cisco asr_9010, Match -, x64
    cisco asr_9901, Match -, x64
    cisco asr_9902, Match -, x64
    cisco asr_9903, Match -, x64
    cisco asr_9904, Match -, x64
    cisco asr_9906, Match -, x64
    cisco asr_9910, Match -, x64
    cisco asr_9912, Match -, x64
    cisco asr_9922, Match -, x64
    cisco ios_xrv_9000, Match -
    cisco ncs_1001, Match -
    cisco ncs_1002, Match -
    cisco ncs_1004, Match -

Node
  cisco ios_xr, Range <7.6.1
  AND one of (OR):
    cisco nc57-18dd-se, Match -
    cisco nc57-24dd, Match -
    cisco nc57-36h-se, Match -
    cisco nc57-36h6d-s, Match -
    cisco ncs_540, Match -
    cisco ncs_540_fronthaul, Match -
    cisco ncs_5501, Match -
    cisco ncs_5501-se, Match -
    cisco ncs_5502, Match -
    cisco ncs_5502-se, Match -
    cisco ncs_5508, Match -
    cisco ncs_5516, Match -
    cisco ncs_560-4, Match -
    cisco ncs_560-7, Match -
    cisco ncs_57b1-5dse-sys, Match -
    cisco ncs_57b1-6d24-sys, Match -
    cisco ncs_57c1-48q6-sys, Match -
    cisco ncs_57c3-mod-sys, Match -
    cisco ncs_57c3-mods-sys, Match -

Node
  cisco ios_xr, Range <7.7.1
  AND one of (OR):
    cisco ncs_5001, Match -
    cisco ncs_5002, Match -
    cisco ncs_5011, Match -

Node
  cisco ios_xr
  AND:
    cisco ncs_6000, Match -

CPE: cisco:ios_xr
Name: cisco ios xr
Operator: lt
Version: 7.9.1

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco IOS XR Software ",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]
