Vulnerabilites related to cisco - 8201-32fh-o
CVE-2024-20320 (GCVE-0-2024-20320)
Vulnerability from cvelistv5
Published
2024-03-13 16:41
Modified
2024-08-16 18:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-266 - Incorrect Privilege Assignment
Summary
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 7.2.1 Version: 7.2.2 Version: 7.3.1 Version: 7.3.15 Version: 7.3.2 Version: 7.3.3 Version: 7.3.5 Version: 7.4.1 Version: 7.4.2 Version: 7.5.1 Version: 7.5.3 Version: 7.5.2 Version: 7.5.4 Version: 7.5.5 Version: 7.6.1 Version: 7.6.2 Version: 7.7.1 Version: 7.7.2 Version: 7.7.21 Version: 7.8.1 Version: 7.8.2 Version: 7.9.1 Version: 7.9.2 Version: 7.9.21 Version: 7.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-iosxr-ssh-privesc-eWDMKew3",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.9.21"
},
{
"status": "affected",
"version": "7.10.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-16T04:00:53.164644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T18:53:02.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.9.21"
},
{
"status": "affected",
"version": "7.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. \r\n\r This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:41:52.488Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxr-ssh-privesc-eWDMKew3",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3"
}
],
"source": {
"advisory": "cisco-sa-iosxr-ssh-privesc-eWDMKew3",
"defects": [
"CSCwh52374"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20320",
"datePublished": "2024-03-13T16:41:52.488Z",
"dateReserved": "2023-11-08T15:08:07.632Z",
"dateUpdated": "2024-08-16T18:53:02.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20322 (GCVE-0-2024-20322)
Vulnerability from cvelistv5
Published
2024-03-13 16:43
Modified
2024-08-02 19:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 7.10.2 Version: 7.11.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-iosxr-acl-bypass-RZU5NL3e",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:ios_xr_software:7.10.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "7.10.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ios_xr_software:7.11.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "7.11.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T19:47:43.541856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T19:49:57.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "7.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:43:53.196Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxr-acl-bypass-RZU5NL3e",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
}
],
"source": {
"advisory": "cisco-sa-iosxr-acl-bypass-RZU5NL3e",
"defects": [
"CSCwh77265"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20322",
"datePublished": "2024-03-13T16:43:53.196Z",
"dateReserved": "2023-11-08T15:08:07.640Z",
"dateUpdated": "2024-08-02T19:49:57.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20177 (GCVE-0-2025-20177)
Vulnerability from cvelistv5
Published
2025-03-12 16:13
Modified
2025-03-14 15:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-274 - Improper Handling of Insufficient Privileges
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.
This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.
Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 7.0.1 Version: 7.0.0 Version: 7.1.1 Version: 7.0.90 Version: 6.7.1 Version: 7.0.2 Version: 7.1.15 Version: 7.2.0 Version: 7.2.1 Version: 7.1.2 Version: 6.7.2 Version: 7.0.11 Version: 7.0.12 Version: 7.0.14 Version: 7.1.25 Version: 7.2.12 Version: 7.3.1 Version: 7.1.3 Version: 6.7.3 Version: 7.4.1 Version: 7.2.2 Version: 6.7.4 Version: 7.3.15 Version: 7.3.16 Version: 6.8.1 Version: 7.4.15 Version: 7.3.2 Version: 7.5.1 Version: 7.4.16 Version: 7.3.27 Version: 7.6.1 Version: 7.5.2 Version: 7.8.1 Version: 7.6.15 Version: 7.5.12 Version: 7.3.3 Version: 7.7.1 Version: 6.8.2 Version: 7.3.4 Version: 7.4.2 Version: 6.7.35 Version: 6.9.1 Version: 7.6.2 Version: 7.5.3 Version: 7.7.2 Version: 6.9.2 Version: 7.9.1 Version: 7.10.1 Version: 7.8.2 Version: 7.5.4 Version: 7.8.22 Version: 7.7.21 Version: 7.9.2 Version: 7.3.5 Version: 7.5.5 Version: 7.11.1 Version: 7.9.21 Version: 7.10.2 Version: 24.1.1 Version: 7.6.3 Version: 7.3.6 Version: 7.11.2 Version: 24.2.1 Version: 24.1.2 Version: 24.2.11 Version: 24.3.1 Version: 7.8.23 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T03:55:23.530580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T15:31:19.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.0.11"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "7.2.12"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "6.7.3"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "6.7.4"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.16"
},
{
"status": "affected",
"version": "6.8.1"
},
{
"status": "affected",
"version": "7.4.15"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.4.16"
},
{
"status": "affected",
"version": "7.3.27"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.6.15"
},
{
"status": "affected",
"version": "7.5.12"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "6.8.2"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "6.7.35"
},
{
"status": "affected",
"version": "6.9.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "6.9.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.11.1"
},
{
"status": "affected",
"version": "7.9.21"
},
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "24.1.1"
},
{
"status": "affected",
"version": "7.6.3"
},
{
"status": "affected",
"version": "7.3.6"
},
{
"status": "affected",
"version": "7.11.2"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.1.2"
},
{
"status": "affected",
"version": "24.2.11"
},
{
"status": "affected",
"version": "24.3.1"
},
{
"status": "affected",
"version": "7.8.23"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-274",
"description": "Improper Handling of Insufficient Privileges",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:13:04.362Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx"
},
{
"name": "Crafting endless AS-PATHS in BGP",
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
],
"source": {
"advisory": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
"defects": [
"CSCwk67262"
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Image Verification Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20177",
"datePublished": "2025-03-12T16:13:04.362Z",
"dateReserved": "2024-10-10T19:15:13.220Z",
"dateUpdated": "2025-03-14T15:31:19.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20456 (GCVE-0-2024-20456)
Vulnerability from cvelistv5
Published
2024-07-10 16:06
Modified
2024-08-01 21:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device.
This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 24.2.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:ios_xr_software:24.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "24.2.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T03:55:19.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-xr-secure-boot-quD5g8Ap",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "24.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device.\r\n\r This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system\u0026rsquo;s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T16:06:22.104Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-xr-secure-boot-quD5g8Ap",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap"
}
],
"source": {
"advisory": "cisco-sa-xr-secure-boot-quD5g8Ap",
"defects": [
"CSCwk58609"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20456",
"datePublished": "2024-07-10T16:06:22.104Z",
"dateReserved": "2023-11-08T15:08:07.679Z",
"dateUpdated": "2024-08-01T21:59:42.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-03-13 17:15
Modified
2025-08-05 14:40
Severity ?
Summary
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FE3667-1B5E-48FB-B3BB-1C1854FFEE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0370A9-E422-4109-81A3-DE2118A20827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82CD7F68-9569-43F4-88ED-96F9A15C065D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4C062-F816-41FE-ADAD-F994F4FA4A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A07E9C56-D143-45FA-99FF-30F54A828BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9D0641-28F8-4CCB-AEC3-205409D1704A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D21DEFD5-EC43-496B-BBE1-C71C6055BC04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40C6D7C4-A5D9-4365-9664-EF35586925AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC41A004-2029-4E22-A88F-2B93D9786B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F7D7FD-24A8-4DD4-8280-A18244059F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A7448D1-BC19-45AB-BF6F-3434F8CA2CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A057808-1BCA-4C7C-A2D9-0BD5B09D20F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D09FC0-73C5-4F7A-8013-0B0E5CC834FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA4A8AF-348D-4F90-B1CB-AE784E0A6EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C95648D-A37A-446B-B106-12612C00A34D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF31489-C029-4D4C-8401-26873FC469E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1807BE16-BAA9-4BC6-B98A-13D584A12821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "375746CB-695E-4019-89C9-42ED37A5E958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7D05C0-4065-448B-AAC6-F29E379F3DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8ADA2B1-FD5A-4900-953B-30951C8EF9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B4C7223-3EFB-48C2-BE22-941F60826D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "164B241C-397A-4921-BC5B-F928A21E91C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "87EF9DC5-4BE2-429D-B9BA-EF9F29E7E0F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEC28C0-8091-49F9-88D1-CB96234BF52A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:ios_xrd_control_plane:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E05A05E-C9A5-40E1-A205-62EE00AF1EAF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:ios_xrd_vrouter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "546F18E0-335C-4841-A0A5-32CAD2DDE7BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*",
"matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. \r\n\r This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funci\u00f3n de cliente SSH del software Cisco IOS XR para los enrutadores Cisco de la serie 8000 y los enrutadores Cisco Network Convergence System (NCS) de las series 540 y 5700 podr\u00eda permitir que un atacante local autenticado eleve los privilegios en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de los argumentos que se incluyen con el comando CLI del cliente SSH. Un atacante con acceso con pocos privilegios a un dispositivo afectado podr\u00eda aprovechar esta vulnerabilidad emitiendo un comando de cliente SSH manipulado a la CLI. Un exploit exitoso podr\u00eda permitir al atacante elevar los privilegios a root en el dispositivo afectado."
}
],
"id": "CVE-2024-20320",
"lastModified": "2025-08-05T14:40:07.707",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-03-13T17:15:48.193",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-13 17:15
Modified
2025-08-05 14:41
Severity ?
Summary
A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FC973609-4C39-4B38-A5E3-94C841F89E02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*",
"matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-24h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "281FC7F6-C3E2-405F-83C4-A0AD7ECAF213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA339C23-841E-44A0-A6F5-B12B904A000E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C57DBC4F-102C-490D-B69D-7E21CF0C7F60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-36h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7440BF48-60A5-4BF2-8D75-63E3AF3ACCC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-36h-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A64CD22-3E53-4848-B526-DAAAB427626A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-48q6h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98157A1D-224F-4BF0-9AA9-07CB1807AD12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A94BAC7E-F0F9-4E20-9DBE-C1E13585BE7A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0874ECF-6237-44EE-BFA6-E639AAD43F68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DD4339-512E-4422-93F4-CEF836FF1EDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el procesamiento de la lista de control de acceso (ACL) en interfaces Pseudowire en la direcci\u00f3n de ingreso del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe a una asignaci\u00f3n incorrecta de claves de b\u00fasqueda a contextos de interfaz interna. Un atacante podr\u00eda aprovechar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante acceder a recursos detr\u00e1s del dispositivo afectado que se supon\u00eda estaban protegidos por una ACL configurada."
}
],
"id": "CVE-2024-20322",
"lastModified": "2025-08-05T14:41:53.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-03-13T17:15:48.407",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-10 16:15
Modified
2025-08-04 17:44
Severity ?
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device.
This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:24.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D64E1C4D-46B0-4A18-B8EE-BEA732CBF1F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*",
"matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97D1123D-39F9-4D22-99CE-F28CA57FE191",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1014:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E3F337-0CF5-456E-B313-DC3ED4BF9D9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device.\r\n\r This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system\u0026rsquo;s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el proceso de arranque del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado con altos privilegios omita la funcionalidad de arranque seguro de Cisco y cargue software no verificado en un dispositivo afectado. Para aprovechar esto con \u00e9xito, el atacante debe tener privilegios de system root en el dispositivo afectado. Esta vulnerabilidad se debe a un error en el proceso de compilaci\u00f3n del software. Un atacante podr\u00eda aprovechar esta vulnerabilidad manipulando las opciones de configuraci\u00f3n del sistema para omitir algunas de las comprobaciones de integridad que se realizan durante el proceso de arranque. Un exploit exitoso podr\u00eda permitir al atacante controlar la configuraci\u00f3n de arranque, lo que podr\u00eda permitirle eludir el requisito de ejecutar im\u00e1genes firmadas de Cisco o alterar las propiedades de seguridad del sistema en ejecuci\u00f3n."
}
],
"id": "CVE-2024-20456",
"lastModified": "2025-08-04T17:44:16.417",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-07-10T16:15:03.703",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-12 16:15
Modified
2025-08-06 17:04
Severity ?
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.
This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.
Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC4CBFD-BFB8-4D89-B5F7-3CBD156778A7",
"versionEndExcluding": "7.11.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAF5A0C-D731-4BE1-AAD8-88ADDB8A65DE",
"versionEndExcluding": "24.2.2",
"versionStartIncluding": "24.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C9D6AD9-652C-491A-9B61-04691D82BBBE",
"versionEndExcluding": "24.3.2",
"versionStartIncluding": "24.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCE9AC2-F70A-4B54-8B1C-8F28E4FB32D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*",
"matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97D1123D-39F9-4D22-99CE-F28CA57FE191",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1014:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E3F337-0CF5-456E-B313-DC3ED4BF9D9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el proceso de arranque del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado omita la verificaci\u00f3n de la firma de la imagen de Cisco IOS XR e instale software no verificado en un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debe tener privilegios de administrador en el dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incompleta de los archivos durante el proceso de verificaci\u00f3n de arranque. Un atacante podr\u00eda explotarla manipulando las opciones de configuraci\u00f3n del sistema para omitir algunas de las comprobaciones de integridad que se realizan durante el proceso de arranque. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante controlar la configuraci\u00f3n de arranque, lo que podr\u00eda permitirle omitir el requisito de ejecutar im\u00e1genes firmadas por Cisco o alterar las propiedades de seguridad del sistema en ejecuci\u00f3n. Nota: Dado que la explotaci\u00f3n de esta vulnerabilidad podr\u00eda provocar que el atacante omita la verificaci\u00f3n de la imagen de Cisco, Cisco ha elevado la calificaci\u00f3n de impacto de seguridad (SIR) de este aviso de media a alta."
}
],
"id": "CVE-2025-20177",
"lastModified": "2025-08-06T17:04:34.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Primary"
}
]
},
"published": "2025-03-12T16:15:22.347",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Product"
],
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-274"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}