Lucene search
CiscoCVELIST:CVE-2023-20236HistorySep 13, 2023 - 4:39 p.m.
CVE-2023-20236
2023-09-1316:39:19
cisco
www.cve.org
cisco ios xr
vulnerability
image verification
ipxe boot
software image
authenticated
local attacker
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.
This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.
CNA Affected
[
{
"vendor": "Cisco",
"product": "Cisco IOS XR Software",
"versions": [
{
"version": "5.2.0",
"status": "affected"
},
{
"version": "5.2.1",
"status": "affected"
},
{
"version": "5.2.2",
"status": "affected"
},
{
"version": "5.2.4",
"status": "affected"
},
{
"version": "5.2.3",
"status": "affected"
},
{
"version": "5.2.5",
"status": "affected"
},
{
"version": "5.2.47",
"status": "affected"
},
{
"version": "5.3.0",
"status": "affected"
},
{
"version": "5.3.1",
"status": "affected"
},
{
"version": "5.3.2",
"status": "affected"
},
{
"version": "5.3.3",
"status": "affected"
},
{
"version": "5.3.4",
"status": "affected"
},
{
"version": "6.0.0",
"status": "affected"
},
{
"version": "6.0.1",
"status": "affected"
},
{
"version": "6.0.2",
"status": "affected"
},
{
"version": "6.1.1",
"status": "affected"
},
{
"version": "6.1.2",
"status": "affected"
},
{
"version": "6.1.3",
"status": "affected"
},
{
"version": "6.1.4",
"status": "affected"
},
{
"version": "6.1.12",
"status": "affected"
},
{
"version": "6.1.22",
"status": "affected"
},
{
"version": "6.1.32",
"status": "affected"
},
{
"version": "6.1.36",
"status": "affected"
},
{
"version": "6.1.42",
"status": "affected"
},
{
"version": "6.2.1",
"status": "affected"
},
{
"version": "6.2.2",
"status": "affected"
},
{
"version": "6.2.3",
"status": "affected"
},
{
"version": "6.2.25",
"status": "affected"
},
{
"version": "6.2.11",
"status": "affected"
},
{
"version": "6.3.2",
"status": "affected"
},
{
"version": "6.3.3",
"status": "affected"
},
{
"version": "6.3.15",
"status": "affected"
},
{
"version": "6.4.1",
"status": "affected"
},
{
"version": "6.4.2",
"status": "affected"
},
{
"version": "6.4.3",
"status": "affected"
},
{
"version": "6.5.1",
"status": "affected"
},
{
"version": "6.5.2",
"status": "affected"
},
{
"version": "6.5.3",
"status": "affected"
},
{
"version": "6.5.25",
"status": "affected"
},
{
"version": "6.5.26",
"status": "affected"
},
{
"version": "6.5.28",
"status": "affected"
},
{
"version": "6.5.29",
"status": "affected"
},
{
"version": "6.5.32",
"status": "affected"
},
{
"version": "6.5.33",
"status": "affected"
},
{
"version": "6.6.2",
"status": "affected"
},
{
"version": "6.6.3",
"status": "affected"
},
{
"version": "6.6.25",
"status": "affected"
},
{
"version": "6.6.4",
"status": "affected"
},
{
"version": "7.0.1",
"status": "affected"
},
{
"version": "7.0.2",
"status": "affected"
},
{
"version": "7.0.12",
"status": "affected"
},
{
"version": "7.0.14",
"status": "affected"
},
{
"version": "7.1.1",
"status": "affected"
},
{
"version": "7.1.15",
"status": "affected"
},
{
"version": "7.1.2",
"status": "affected"
},
{
"version": "7.1.3",
"status": "affected"
},
{
"version": "6.7.1",
"status": "affected"
},
{
"version": "6.7.2",
"status": "affected"
},
{
"version": "6.7.3",
"status": "affected"
},
{
"version": "6.7.4",
"status": "affected"
},
{
"version": "7.2.0",
"status": "affected"
},
{
"version": "7.2.1",
"status": "affected"
},
{
"version": "7.2.2",
"status": "affected"
},
{
"version": "7.3.1",
"status": "affected"
},
{
"version": "7.3.15",
"status": "affected"
},
{
"version": "7.3.2",
"status": "affected"
},
{
"version": "7.3.3",
"status": "affected"
},
{
"version": "7.3.5",
"status": "affected"
},
{
"version": "7.4.1",
"status": "affected"
},
{
"version": "7.4.2",
"status": "affected"
},
{
"version": "6.8.1",
"status": "affected"
},
{
"version": "6.8.2",
"status": "affected"
},
{
"version": "7.5.1",
"status": "affected"
},
{
"version": "7.5.3",
"status": "affected"
},
{
"version": "7.5.2",
"status": "affected"
},
{
"version": "7.5.4",
"status": "affected"
},
{
"version": "7.6.1",
"status": "affected"
},
{
"version": "7.6.2",
"status": "affected"
},
{
"version": "7.7.1",
"status": "affected"
},
{
"version": "7.7.2",
"status": "affected"
},
{
"version": "7.7.21",
"status": "affected"
},
{
"version": "6.9.1",
"status": "affected"
},
{
"version": "6.9.2",
"status": "affected"
},
{
"version": "7.8.1",
"status": "affected"
},
{
"version": "7.8.2",
"status": "affected"
},
{
"version": "7.9.1",
"status": "affected"
},
{
"version": "7.9.2",
"status": "affected"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2023-09-13 17:15:00
nessus
nessus
cisco
cisco
Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability
2023-09-13 16:00:00
cve
cve
CVE-2023-20236
2023-09-13 17:15:09
nvd
nvd
CVE-2023-20236
2023-09-13 17:15:09
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
Related for CVELIST:CVE-2023-20236