FKIE_CVE-2023-20236

Vulnerability from fkie_nvd - Published: 2023-09-13 17:15 - Updated: 2024-11-21 07:40
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.
References
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgBVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgBVendor Advisory
Impacted products
Vendor Product Version
cisco ios_xr *
cisco 8201 -
cisco 8202 -
cisco 8208 -
cisco 8212 -
cisco 8218 -
cisco 8804 -
cisco 8808 -
cisco 8812 -
cisco 8818 -
cisco 8831 -
cisco asr_9000 -
cisco asr_9000v -
cisco asr_9001 -
cisco asr_9006 -
cisco asr_9010 -
cisco asr_9901 -
cisco asr_9902 -
cisco asr_9903 -
cisco asr_9904 -
cisco asr_9906 -
cisco asr_9910 -
cisco asr_9912 -
cisco asr_9920 -
cisco asr_9922 -
cisco ncs_1001 -
cisco ncs_1002 -
cisco ncs_1004 -
cisco ncs_4009 -
cisco ncs_4016 -
cisco ncs_4201 -
cisco ncs_4202 -
cisco ncs_4206 -
cisco ncs_4216 -
cisco ncs_5001 -
cisco ncs_5002 -
cisco ncs_5011 -
cisco ncs_540 -
cisco ncs_5500 -
cisco ncs_5501 -
cisco ncs_5501 se
cisco ncs_5502 -
cisco ncs_5502 se
cisco ncs_5504 -
cisco ncs_5508 -
cisco ncs_5516 -
cisco ncs_560 -
cisco ncs_560-4 -
cisco ncs_560-7 -
cisco ncs_57b1-5dse-sys -
cisco ncs_57b1-6d24-sys -
cisco ncs_57c1-48q6-sys -
cisco ncs_57c3-mod-sys -
cisco ncs_57c3-mods-sys -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F31C819-2725-4295-8FF3-BA00A7A6BE92",
              "versionEndExcluding": "7.10.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8208:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34DAD43-0C95-4830-8078-EFE3E6C0A930",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8212:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F5CBF0-7F55-44C0-B321-896BDBA22679",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8218:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D381E343-416F-42AF-A780-D330954F238F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:8831:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE2514A1-486C-40F7-8746-56E2B973CBE6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FEF8271-315F-4756-931F-015F790BE693",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9920:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E7ED87-8AC0-4107-A7A5-F334236E2906",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F6E0FBE-70B7-413C-8943-39BEFE050298",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1002:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37AE5FB0-D9A6-4EBE-9F7F-243299AE918B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_1004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60C9AAF8-4C5B-4EF5-B575-8235F3C54BCC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_4009:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F40E779D-5865-4E4B-AE2D-CF1860BA19E2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_4016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6A867F-E809-4CB5-82DB-2670CB0A6359",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_4201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "41C5ECF8-EFFE-4C27-8DCB-2533BFD5200F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_4202:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C23248-3D61-4BAF-9602-BA31FB4374DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_4206:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36494B4-8E2D-4399-97B5-725792BD5C45",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_4216:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0819EF17-5102-45FF-96AD-85BE17FD6921",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_540:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7AE6C1-B7C6-4056-9719-B5CFF71970AD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D686F339-9406-4ADF-B124-C815D43E4CAA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5501:se:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FE69B4-DF27-46F1-8037-4B8D1F229C6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5502:se:*:*:*:*:*:*:*",
              "matchCriteriaId": "603980FE-9865-4A71-A37C-A90B7F3B72D6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ncs_57c3-mods-sys:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F06B5D-6CE8-42C3-8760-89B4EF1FFC21",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.\r\n\r This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funci\u00f3n de arranque iPXE del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado instale una imagen de software no verificada en un dispositivo afectado. Esta vulnerabilidad se debe a una verificaci\u00f3n de imagen insuficiente. Un atacante podr\u00eda aprovechar esta vulnerabilidad manipulando los par\u00e1metros de arranque para la verificaci\u00f3n de im\u00e1genes durante el proceso de arranque iPXE en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante iniciar una imagen de software no verificada en el dispositivo afectado."
    }
  ],
  "id": "CVE-2023-20236",
  "lastModified": "2024-11-21T07:40:57.700",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-13T17:15:09.607",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.