Lucene search

K
nvd[email protected]NVD:CVE-2023-20082
HistoryMar 23, 2023 - 5:15 p.m.

CVE-2023-20082

2023-03-2317:15:14
CWE-78
web.nvd.nist.gov
2
cisco
catalyst 9300
vulnerability
code execution
boot time

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.3%

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to errors that occur when retrieving the public release key that is used for image signature verification. An attacker could exploit this vulnerability by modifying specific variables in the Serial Peripheral Interface (SPI) flash memory of an affected device. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Note: In Cisco IOS XE Software releases 16.11.1 and later, the complexity of an attack using this vulnerability is high. However, an attacker with level-15 privileges could easily downgrade the Cisco IOS XE Software on a device to a release that would lower the attack complexity.

Affected configurations

NVD
Node
ciscoios_xeRange<17.3.7
OR
ciscoios_xeRange17.417.6.5
OR
ciscoios_xeMatch17.7
AND
ciscocatalyst_9300Match-
OR
ciscocatalyst_9300-24p-aMatch-
OR
ciscocatalyst_9300-24p-eMatch-
OR
ciscocatalyst_9300-24s-aMatch-
OR
ciscocatalyst_9300-24s-eMatch-
OR
ciscocatalyst_9300-24t-aMatch-
OR
ciscocatalyst_9300-24t-eMatch-
OR
ciscocatalyst_9300-24u-aMatch-
OR
ciscocatalyst_9300-24u-eMatch-
OR
ciscocatalyst_9300-24ux-aMatch-
OR
ciscocatalyst_9300-24ux-eMatch-
OR
ciscocatalyst_9300-48p-aMatch-
OR
ciscocatalyst_9300-48p-eMatch-
OR
ciscocatalyst_9300-48s-aMatch-
OR
ciscocatalyst_9300-48s-eMatch-
OR
ciscocatalyst_9300-48t-aMatch-
OR
ciscocatalyst_9300-48t-eMatch-
OR
ciscocatalyst_9300-48u-aMatch-
OR
ciscocatalyst_9300-48u-eMatch-
OR
ciscocatalyst_9300-48un-aMatch-
OR
ciscocatalyst_9300-48un-eMatch-
OR
ciscocatalyst_9300-48uxm-aMatch-
OR
ciscocatalyst_9300-48uxm-eMatch-
OR
ciscocatalyst_9300lMatch-
OR
ciscocatalyst_9300l-24p-4g-aMatch-
OR
ciscocatalyst_9300l-24p-4g-eMatch-
OR
ciscocatalyst_9300l-24p-4x-aMatch-
OR
ciscocatalyst_9300l-24p-4x-eMatch-
OR
ciscocatalyst_9300l-24t-4g-aMatch-
OR
ciscocatalyst_9300l-24t-4g-eMatch-
OR
ciscocatalyst_9300l-24t-4x-aMatch-
OR
ciscocatalyst_9300l-24t-4x-eMatch-
OR
ciscocatalyst_9300l-48p-4g-aMatch-
OR
ciscocatalyst_9300l-48p-4g-eMatch-
OR
ciscocatalyst_9300l-48p-4x-aMatch-
OR
ciscocatalyst_9300l-48p-4x-eMatch-
OR
ciscocatalyst_9300l-48t-4g-aMatch-
OR
ciscocatalyst_9300l-48t-4g-eMatch-
OR
ciscocatalyst_9300l-48t-4x-aMatch-
OR
ciscocatalyst_9300l-48t-4x-eMatch-
OR
ciscocatalyst_9300l_stackMatch-
OR
ciscocatalyst_9300lmMatch-
OR
ciscocatalyst_9300xMatch-

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.3%

Related for NVD:CVE-2023-20082