vulnerability

Cisco IOS-XR: CVE-2023-20236: Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:L/AC:L/Au:M/C:C/I:C/A:C)	2023-09-13	2023-09-14	2024-11-04

Severity

CVSS

(AV:L/AC:L/Au:M/C:C/I:C/A:C)

Published

2023-09-13

Added

2023-09-14

Modified

2024-11-04

Description

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.

This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.

Solution

update-xros

References

CVE-2023-20236
https://attackerkb.com/topics/CVE-2023-20236
URL-https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB
CISCO-cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today