Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-20064
HistoryMar 09, 2023 - 10:15 p.m.

Design/Logic Flaw

2023-03-0922:15:00
PRIOn knowledge base
www.prio-n.com
2
grub
cisco ios xr
vulnerability
unauthenticated access
sensitive files
physical access
console-based exploit

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

JSON

A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.

CPENameOperatorVersion
ios_xrlt7.9.1
ios_xrlt7.6.1
ios_xrlt7.7.1

Related

nvd 1
cvelist 1
cisco 1
cve 1
nessus 1
nvd
nvd
CVE-2023-20064
2023-03-09 22:15:52
cvelist
cvelist
CVE-2023-20064 Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability
2023-03-09 00:00:00
cisco
cisco
Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability
2023-03-08 16:00:00
cve
cve
CVE-2023-20064
2023-03-09 22:15:52
nessus
nessus
Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure (cisco-sa-iosxr-load-infodisc-9rdOr5Fq)
2023-03-10 00:00:00

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.1%

JSON
Related for PRION:CVE-2023-20064
nvd1cvelist1cisco1cve1nessus1