Vulnerabilites related to cisco - ncs_540-28z4c-sys-d
CVE-2024-20322 (GCVE-0-2024-20322)
Vulnerability from cvelistv5
Published
2024-03-13 16:43
Modified
2024-08-02 19:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 7.10.2 Version: 7.11.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-iosxr-acl-bypass-RZU5NL3e",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:ios_xr_software:7.10.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "7.10.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ios_xr_software:7.11.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "7.11.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T19:47:43.541856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T19:49:57.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "7.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:43:53.196Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxr-acl-bypass-RZU5NL3e",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
}
],
"source": {
"advisory": "cisco-sa-iosxr-acl-bypass-RZU5NL3e",
"defects": [
"CSCwh77265"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20322",
"datePublished": "2024-03-13T16:43:53.196Z",
"dateReserved": "2023-11-08T15:08:07.640Z",
"dateUpdated": "2024-08-02T19:49:57.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20320 (GCVE-0-2024-20320)
Vulnerability from cvelistv5
Published
2024-03-13 16:41
Modified
2024-08-16 18:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-266 - Incorrect Privilege Assignment
Summary
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 7.2.1 Version: 7.2.2 Version: 7.3.1 Version: 7.3.15 Version: 7.3.2 Version: 7.3.3 Version: 7.3.5 Version: 7.4.1 Version: 7.4.2 Version: 7.5.1 Version: 7.5.3 Version: 7.5.2 Version: 7.5.4 Version: 7.5.5 Version: 7.6.1 Version: 7.6.2 Version: 7.7.1 Version: 7.7.2 Version: 7.7.21 Version: 7.8.1 Version: 7.8.2 Version: 7.9.1 Version: 7.9.2 Version: 7.9.21 Version: 7.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-iosxr-ssh-privesc-eWDMKew3",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.9.21"
},
{
"status": "affected",
"version": "7.10.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-16T04:00:53.164644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T18:53:02.009Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.9.21"
},
{
"status": "affected",
"version": "7.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. \r\n\r This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-13T16:41:52.488Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxr-ssh-privesc-eWDMKew3",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3"
}
],
"source": {
"advisory": "cisco-sa-iosxr-ssh-privesc-eWDMKew3",
"defects": [
"CSCwh52374"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20320",
"datePublished": "2024-03-13T16:41:52.488Z",
"dateReserved": "2023-11-08T15:08:07.632Z",
"dateUpdated": "2024-08-16T18:53:02.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20177 (GCVE-0-2025-20177)
Vulnerability from cvelistv5
Published
2025-03-12 16:13
Modified
2025-03-14 15:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-274 - Improper Handling of Insufficient Privileges
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.
This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.
Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 7.0.1 Version: 7.0.0 Version: 7.1.1 Version: 7.0.90 Version: 6.7.1 Version: 7.0.2 Version: 7.1.15 Version: 7.2.0 Version: 7.2.1 Version: 7.1.2 Version: 6.7.2 Version: 7.0.11 Version: 7.0.12 Version: 7.0.14 Version: 7.1.25 Version: 7.2.12 Version: 7.3.1 Version: 7.1.3 Version: 6.7.3 Version: 7.4.1 Version: 7.2.2 Version: 6.7.4 Version: 7.3.15 Version: 7.3.16 Version: 6.8.1 Version: 7.4.15 Version: 7.3.2 Version: 7.5.1 Version: 7.4.16 Version: 7.3.27 Version: 7.6.1 Version: 7.5.2 Version: 7.8.1 Version: 7.6.15 Version: 7.5.12 Version: 7.3.3 Version: 7.7.1 Version: 6.8.2 Version: 7.3.4 Version: 7.4.2 Version: 6.7.35 Version: 6.9.1 Version: 7.6.2 Version: 7.5.3 Version: 7.7.2 Version: 6.9.2 Version: 7.9.1 Version: 7.10.1 Version: 7.8.2 Version: 7.5.4 Version: 7.8.22 Version: 7.7.21 Version: 7.9.2 Version: 7.3.5 Version: 7.5.5 Version: 7.11.1 Version: 7.9.21 Version: 7.10.2 Version: 24.1.1 Version: 7.6.3 Version: 7.3.6 Version: 7.11.2 Version: 24.2.1 Version: 24.1.2 Version: 24.2.11 Version: 24.3.1 Version: 7.8.23 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-13T03:55:23.530580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T15:31:19.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.7.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.1.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "6.7.2"
},
{
"status": "affected",
"version": "7.0.11"
},
{
"status": "affected",
"version": "7.0.12"
},
{
"status": "affected",
"version": "7.0.14"
},
{
"status": "affected",
"version": "7.1.25"
},
{
"status": "affected",
"version": "7.2.12"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.3"
},
{
"status": "affected",
"version": "6.7.3"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "6.7.4"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.3.16"
},
{
"status": "affected",
"version": "6.8.1"
},
{
"status": "affected",
"version": "7.4.15"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.4.16"
},
{
"status": "affected",
"version": "7.3.27"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.6.15"
},
{
"status": "affected",
"version": "7.5.12"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "6.8.2"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "6.7.35"
},
{
"status": "affected",
"version": "6.9.1"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "6.9.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.11.1"
},
{
"status": "affected",
"version": "7.9.21"
},
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "24.1.1"
},
{
"status": "affected",
"version": "7.6.3"
},
{
"status": "affected",
"version": "7.3.6"
},
{
"status": "affected",
"version": "7.11.2"
},
{
"status": "affected",
"version": "24.2.1"
},
{
"status": "affected",
"version": "24.1.2"
},
{
"status": "affected",
"version": "24.2.11"
},
{
"status": "affected",
"version": "24.3.1"
},
{
"status": "affected",
"version": "7.8.23"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-274",
"description": "Improper Handling of Insufficient Privileges",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:13:04.362Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx"
},
{
"name": "Crafting endless AS-PATHS in BGP",
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
],
"source": {
"advisory": "cisco-sa-ios-xr-verii-bypass-HhPwQRvx",
"defects": [
"CSCwk67262"
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Image Verification Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20177",
"datePublished": "2025-03-12T16:13:04.362Z",
"dateReserved": "2024-10-10T19:15:13.220Z",
"dateUpdated": "2025-03-14T15:31:19.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3120 (GCVE-0-2020-3120)
Vulnerability from cvelistv5
Published
2020-02-05 17:50
Modified
2024-11-15 17:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: unspecified < 2.3.1.173 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200205 Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T16:29:31.395421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T17:42:14.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "2.3.1.173",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about the vulnerability that is described in this advisory. Cisco PSIRT is not aware of any malicious use of this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:06:04",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200205 Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
}
],
"source": {
"advisory": "cisco-sa-20200205-fxnxos-iosxr-cdp-dos",
"defect": [
[
"CSCvr14976",
"CSCvr15024",
"CSCvr15072",
"CSCvr15073",
"CSCvr15078",
"CSCvr15079",
"CSCvr15082",
"CSCvr15083",
"CSCvr15111"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-02-05T16:00:00-0800",
"ID": "CVE-2020-3120",
"STATE": "PUBLIC",
"TITLE": "Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "2.3.1.173"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about the vulnerability that is described in this advisory. Cisco PSIRT is not aware of any malicious use of this vulnerability."
}
],
"impact": {
"cvss": {
"baseScore": "7.4",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200205 Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos"
},
{
"name": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
}
]
},
"source": {
"advisory": "cisco-sa-20200205-fxnxos-iosxr-cdp-dos",
"defect": [
[
"CSCvr14976",
"CSCvr15024",
"CSCvr15072",
"CSCvr15073",
"CSCvr15078",
"CSCvr15079",
"CSCvr15082",
"CSCvr15083",
"CSCvr15111"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3120",
"datePublished": "2020-02-05T17:50:18.427416Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-15T17:42:14.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20141 (GCVE-0-2025-20141)
Vulnerability from cvelistv5
Published
2025-03-12 16:12
Modified
2025-03-21 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.
This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 7.9.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T20:35:07.856911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T20:35:20.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.\u0026nbsp;\r\n\r\nThis vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:12:15.494Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-xr792-bWfVDPY",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY"
},
{
"name": "Crafting endless AS-PATHS in BGP",
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
],
"source": {
"advisory": "cisco-sa-xr792-bWfVDPY",
"defects": [
"CSCwf89955"
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Release 7.9.2 Denial of Service Vulnerabillity"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20141",
"datePublished": "2025-03-12T16:12:15.494Z",
"dateReserved": "2024-10-10T19:15:13.214Z",
"dateUpdated": "2025-03-21T20:35:20.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20144 (GCVE-0-2025-20144)
Vulnerability from cvelistv5
Published
2025-03-12 16:12
Modified
2025-03-21 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.
For more information, see the section of this advisory.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 6.5.3 Version: 6.5.2 Version: 6.5.92 Version: 6.5.1 Version: 6.6.2 Version: 7.0.1 Version: 6.6.25 Version: 6.6.1 Version: 6.5.93 Version: 7.1.1 Version: 7.0.90 Version: 6.6.3 Version: 7.0.2 Version: 7.2.1 Version: 7.1.2 Version: 6.6.4 Version: 7.3.1 Version: 7.4.1 Version: 7.2.2 Version: 7.3.2 Version: 7.5.1 Version: 7.6.1 Version: 7.5.2 Version: 7.7.1 Version: 7.3.3 Version: 7.4.2 Version: 7.3.4 Version: 7.6.2 Version: 7.8.1 Version: 7.5.3 Version: 7.7.2 Version: 7.9.1 Version: 7.8.2 Version: 7.5.4 Version: 7.8.22 Version: 7.10.1 Version: 7.7.21 Version: 7.9.2 Version: 7.3.5 Version: 7.5.5 Version: 7.11.1 Version: 7.10.2 Version: 7.3.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T20:33:04.758400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T20:33:28.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.5.3"
},
{
"status": "affected",
"version": "6.5.2"
},
{
"status": "affected",
"version": "6.5.92"
},
{
"status": "affected",
"version": "6.5.1"
},
{
"status": "affected",
"version": "6.6.2"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "6.6.25"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.5.93"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.0.90"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.1.2"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.3.2"
},
{
"status": "affected",
"version": "7.5.1"
},
{
"status": "affected",
"version": "7.6.1"
},
{
"status": "affected",
"version": "7.5.2"
},
{
"status": "affected",
"version": "7.7.1"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.3.4"
},
{
"status": "affected",
"version": "7.6.2"
},
{
"status": "affected",
"version": "7.8.1"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.7.2"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.8.2"
},
{
"status": "affected",
"version": "7.5.4"
},
{
"status": "affected",
"version": "7.8.22"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.7.21"
},
{
"status": "affected",
"version": "7.9.2"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "7.11.1"
},
{
"status": "affected",
"version": "7.10.2"
},
{
"status": "affected",
"version": "7.3.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.\r\nFor more information, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:12:39.882Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ncs-hybridacl-crMZFfKQ",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs-hybridacl-crMZFfKQ"
},
{
"name": "Crafting endless AS-PATHS in BGP",
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
}
],
"source": {
"advisory": "cisco-sa-ncs-hybridacl-crMZFfKQ",
"defects": [
"CSCwi49569"
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Access Control List Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20144",
"datePublished": "2025-03-12T16:12:39.882Z",
"dateReserved": "2024-10-10T19:15:13.215Z",
"dateUpdated": "2025-03-21T20:33:28.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20456 (GCVE-0-2024-20456)
Vulnerability from cvelistv5
Published
2024-07-10 16:06
Modified
2024-08-01 21:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device.
This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: 24.2.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:ios_xr_software:24.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_xr_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "24.2.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T03:55:19.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-xr-secure-boot-quD5g8Ap",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "24.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device.\r\n\r This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system\u0026rsquo;s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T16:06:22.104Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-xr-secure-boot-quD5g8Ap",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap"
}
],
"source": {
"advisory": "cisco-sa-xr-secure-boot-quD5g8Ap",
"defects": [
"CSCwk58609"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20456",
"datePublished": "2024-07-10T16:06:22.104Z",
"dateReserved": "2023-11-08T15:08:07.679Z",
"dateUpdated": "2024-08-01T21:59:42.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3118 (GCVE-0-2020-3118)
Vulnerability from cvelistv5
Published
2020-02-05 17:40
Modified
2025-07-30 01:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XR Software |
Version: unspecified < 6.6.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:24:00.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200205 Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3118",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T16:12:28.712809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3118"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:45:49.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2020-3118 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XR Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "6.6.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-02-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:06:04.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200205 Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
}
],
"source": {
"advisory": "cisco-sa-20200205-iosxr-cdp-rce",
"defect": [
[
"CSCvr09190"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-02-05T16:00:00-0800",
"ID": "CVE-2020-3118",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "6.6.3"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-134"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200205 Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce"
},
{
"name": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
}
]
},
"source": {
"advisory": "cisco-sa-20200205-iosxr-cdp-rce",
"defect": [
[
"CSCvr09190"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3118",
"datePublished": "2020-02-05T17:40:16.080Z",
"dateReserved": "2019-12-12T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:45:49.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-02-05 18:15
Modified
2025-02-24 15:35
Severity ?
Summary
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
References
Impacted products
{
"cisaActionDue": "2022-05-03",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Cisco IOS XR Software Discovery Protocol Format String Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "024D2B99-34D5-48B0-AFD6-114200D154E5",
"versionEndExcluding": "6.6.12",
"versionStartIncluding": "6.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00AFC058-2750-4A6F-B321-DF159214FCA5",
"versionEndExcluding": "7.0.2",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B5C0F4-1BEC-4B54-ABF0-948CFF80E5E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_6008:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61AF653C-DCD4-4B20-A555-71120F9A5BB9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E67F538A-3E1A-4749-BB8D-4F8043653B6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEF8271-315F-4756-931F-015F790BE693",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49E7ED87-8AC0-4107-A7A5-F334236E2906",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:crs-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62F5E007-0CB6-424C-9AE8-01618C8C44E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n de Cisco Discovery Protocol para Cisco IOS XR Software, podr\u00eda permitir a un atacante adyacente no autenticado ejecutar c\u00f3digo arbitrario o causar una recarga sobre un dispositivo afectado. La vulnerabilidad es debido a la comprobaci\u00f3n inapropiada de la entrada de cadena de determinados campos en los mensajes de Cisco Discovery Protocol. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete malicioso de Cisco Discovery Protocol hacia un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante causar un desbordamiento del b\u00fafer de la pila, lo que podr\u00eda permitir al atacante ejecutar c\u00f3digo arbitrario con privilegios administrativos sobre un dispositivo afectado. Cisco Discovery Protocol es un protocolo de Capa 2. Para explotar esta vulnerabilidad, un atacante debe encontrarse en el mismo dominio de difusi\u00f3n que el dispositivo afectado (Capa 2 adyacente)."
}
],
"id": "CVE-2020-3118",
"lastModified": "2025-02-24T15:35:44.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T18:15:10.907",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-iosxr-cdp-rce"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-13 17:15
Modified
2025-08-05 14:40
Severity ?
Summary
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FE3667-1B5E-48FB-B3BB-1C1854FFEE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0370A9-E422-4109-81A3-DE2118A20827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82CD7F68-9569-43F4-88ED-96F9A15C065D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4C062-F816-41FE-ADAD-F994F4FA4A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A07E9C56-D143-45FA-99FF-30F54A828BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9D0641-28F8-4CCB-AEC3-205409D1704A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "D21DEFD5-EC43-496B-BBE1-C71C6055BC04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40C6D7C4-A5D9-4365-9664-EF35586925AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC41A004-2029-4E22-A88F-2B93D9786B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F7D7FD-24A8-4DD4-8280-A18244059F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A7448D1-BC19-45AB-BF6F-3434F8CA2CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A057808-1BCA-4C7C-A2D9-0BD5B09D20F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D09FC0-73C5-4F7A-8013-0B0E5CC834FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA4A8AF-348D-4F90-B1CB-AE784E0A6EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C95648D-A37A-446B-B106-12612C00A34D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF31489-C029-4D4C-8401-26873FC469E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1807BE16-BAA9-4BC6-B98A-13D584A12821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "375746CB-695E-4019-89C9-42ED37A5E958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7D05C0-4065-448B-AAC6-F29E379F3DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8ADA2B1-FD5A-4900-953B-30951C8EF9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B4C7223-3EFB-48C2-BE22-941F60826D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "164B241C-397A-4921-BC5B-F928A21E91C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "87EF9DC5-4BE2-429D-B9BA-EF9F29E7E0F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEC28C0-8091-49F9-88D1-CB96234BF52A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:ios_xrd_control_plane:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E05A05E-C9A5-40E1-A205-62EE00AF1EAF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:ios_xrd_vrouter:*:*:*:*:*:*:*:*",
"matchCriteriaId": "546F18E0-335C-4841-A0A5-32CAD2DDE7BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*",
"matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. \r\n\r This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funci\u00f3n de cliente SSH del software Cisco IOS XR para los enrutadores Cisco de la serie 8000 y los enrutadores Cisco Network Convergence System (NCS) de las series 540 y 5700 podr\u00eda permitir que un atacante local autenticado eleve los privilegios en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de los argumentos que se incluyen con el comando CLI del cliente SSH. Un atacante con acceso con pocos privilegios a un dispositivo afectado podr\u00eda aprovechar esta vulnerabilidad emitiendo un comando de cliente SSH manipulado a la CLI. Un exploit exitoso podr\u00eda permitir al atacante elevar los privilegios a root en el dispositivo afectado."
}
],
"id": "CVE-2024-20320",
"lastModified": "2025-08-05T14:40:07.707",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-03-13T17:15:48.193",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-12 16:15
Modified
2025-08-04 12:02
Severity ?
4.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.
For more information, see the section of this advisory.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FD2C84-CD64-4C1C-BC38-2F7A2A6EEF45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE98B34-501B-449A-843A-58F297EDBE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.92:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFC77F8-4131-42E1-93A4-13149BDCDC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.93:*:*:*:*:*:*:*",
"matchCriteriaId": "676F3DD0-6081-4C37-8E4F-210BC59C3C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "54EA6C52-E541-4426-A3DF-2FA88CA28BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE8971-5003-4A39-8173-E17CE9C2523F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36944A2B-E4F5-41DE-AC4D-55BFA603BE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E6EA55E-05BA-483F-AAE1-DD573D22D6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5F70AB37-3C0B-40A8-BC37-5A79DA5F45F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "2E5C0909-27D8-4B6E-A644-9B8ADFA24266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E90BEFD1-AAA5-4D39-A180-4B5ED3427AFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B842317-A5DB-4890-948A-DD26B7AE2540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7FE3667-1B5E-48FB-B3BB-1C1854FFEE72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0370A9-E422-4109-81A3-DE2118A20827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82CD7F68-9569-43F4-88ED-96F9A15C065D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C4C062-F816-41FE-ADAD-F994F4FA4A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A07E9C56-D143-45FA-99FF-30F54A828BF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F406EAA7-0607-419F-97E3-7ACEC8A3FA5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9D0641-28F8-4CCB-AEC3-205409D1704A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1ECA7B4C-8FDD-4053-B37B-E5E0969C0CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40C6D7C4-A5D9-4365-9664-EF35586925AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC41A004-2029-4E22-A88F-2B93D9786B6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F7D7FD-24A8-4DD4-8280-A18244059F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A7448D1-BC19-45AB-BF6F-3434F8CA2CC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A057808-1BCA-4C7C-A2D9-0BD5B09D20F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D09FC0-73C5-4F7A-8013-0B0E5CC834FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA4A8AF-348D-4F90-B1CB-AE784E0A6EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C95648D-A37A-446B-B106-12612C00A34D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DF31489-C029-4D4C-8401-26873FC469E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1807BE16-BAA9-4BC6-B98A-13D584A12821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "375746CB-695E-4019-89C9-42ED37A5E958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7D05C0-4065-448B-AAC6-F29E379F3DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8ADA2B1-FD5A-4900-953B-30951C8EF9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B4C7223-3EFB-48C2-BE22-941F60826D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.8.22:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE83701-C0B7-4ED2-866B-44B7F54FCA0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "164B241C-397A-4921-BC5B-F928A21E91C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEC28C0-8091-49F9-88D1-CB96234BF52A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8904CAA5-4E01-462C-AE57-067902CD95FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the hybrid access control list (ACL) processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r\nThis vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass a configured ACL on the affected device.\r\nFor more information, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el procesamiento de la lista de control de acceso (ACL) h\u00edbrida de paquetes IPv4 en el software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe a una gesti\u00f3n incorrecta de paquetes cuando existe una configuraci\u00f3n espec\u00edfica de la ACL h\u00edbrida. Un atacante podr\u00eda explotar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitirle omitir una ACL configurada en el dispositivo afectado. Para obtener m\u00e1s informaci\u00f3n, consulte la secci\u00f3n de este aviso. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. Existen workarounds que la solucionan."
}
],
"id": "CVE-2025-20144",
"lastModified": "2025-08-04T12:02:45.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-12T16:15:21.890",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Technical Description"
],
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncs-hybridacl-crMZFfKQ"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-12 16:15
Modified
2025-08-06 17:05
Severity ?
Summary
A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.
This vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD3875D-D283-4961-BE31-750FDF9CDF56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-24h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "281FC7F6-C3E2-405F-83C4-A0AD7ECAF213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA339C23-841E-44A0-A6F5-B12B904A000E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C57DBC4F-102C-490D-B69D-7E21CF0C7F60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-36h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7440BF48-60A5-4BF2-8D75-63E3AF3ACCC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-36h-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A64CD22-3E53-4848-B526-DAAAB427626A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-48q6h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98157A1D-224F-4BF0-9AA9-07CB1807AD12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A94BAC7E-F0F9-4E20-9DBE-C1E13585BE7A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0874ECF-6237-44EE-BFA6-E639AAD43F68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DD4339-512E-4422-93F4-CEF836FF1EDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the handling of specific packets that are punted from a line card to a route processor in Cisco IOS XR Software Release 7.9.2 could allow an unauthenticated, adjacent attacker to cause control plane traffic to stop working on multiple Cisco IOS XR platforms.\u0026nbsp;\r\n\r\nThis vulnerability is due to incorrect handling of packets that are punted to the route processor. An attacker could exploit this vulnerability by sending traffic, which must be handled by the Linux stack on the route processor, to an affected device. A successful exploit could allow the attacker to cause control plane traffic to stop working, resulting in a denial of service (DoS) condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la gesti\u00f3n de paquetes espec\u00edficos que se env\u00edan desde una tarjeta de l\u00ednea a un procesador de rutas en la versi\u00f3n 7.9.2 del software Cisco IOS XR podr\u00eda permitir que un atacante adyacente no autenticado provoque la interrupci\u00f3n del tr\u00e1fico del plano de control en varias plataformas Cisco IOS XR. Esta vulnerabilidad se debe a la gesti\u00f3n incorrecta de los paquetes que se env\u00edan al procesador de rutas. Un atacante podr\u00eda explotar esta vulnerabilidad enviando tr\u00e1fico, que debe ser gestionado por la pila de Linux en el procesador de rutas, a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante provocar la interrupci\u00f3n del tr\u00e1fico del plano de control, lo que resultar\u00eda en una denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2025-20141",
"lastModified": "2025-08-06T17:05:07.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "psirt@cisco.com",
"type": "Primary"
}
]
},
"published": "2025-03-12T16:15:21.420",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Product"
],
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr792-bWfVDPY"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-05 18:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6793CE39-88B6-42DF-A586-43BC656F00DD",
"versionEndIncluding": "2.3.1.173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CD86FB-4B86-470E-A1F8-3F3EBC66F0F3",
"versionEndExcluding": "2.6.1.187",
"versionStartIncluding": "2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A19CF844-DCAA-46DD-95FC-1BC200E7DE91",
"versionEndExcluding": "2.7.1.106",
"versionStartIncluding": "2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:fxos:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "35E2BDED-6263-4948-89A3-5D867D52BD48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A694AD51-9008-4AE6-8240-98B17AB527EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71DCEF22-ED20-4330-8502-EC2DD4C9838F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81F4868A-6D62-479C-9C19-F9AABDBB6B24",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65378F3A-777C-4AE2-87FB-1E7402F9EA1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07DAFDDA-718B-4B69-A524-B0CEB80FE960",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B5C0F4-1BEC-4B54-ABF0-948CFF80E5E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "523058BF-DE14-4FAD-8A67-C8CA795032D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E67F538A-3E1A-4749-BB8D-4F8043653B6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:crs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B051AF4-592A-4201-9DD3-8683C1847A00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86E05C3F-4095-4B9C-8C11-E32567EB14AC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71BD158E-71D8-4DCA-8C09-F8AB7EF0EBDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8C028-107B-4410-BCC6-5BCB8DB63603",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5002:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA13FE67-F4AE-46DF-921B-3FB91BDF742B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98622F14-CC47-45E0-85E4-A7243309487C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:xrv_9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B529456-23DB-4917-A316-4CFC6AEC9964",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:6.6.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC7F758-5AB7-4A45-A889-BE9DD8D0474E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_560:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CC8256-E4F8-4DCB-B69A-40A7C5AA41E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82AF763B-9299-4EDC-B42D-B83736839CA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ncs_540l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987161E-E0C6-4BBB-91FC-F49A7F4AE6B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55812D67-23B2-4EE1-8DEF-B1386551D825",
"versionEndExcluding": "6.2\\(29\\)",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2516465F-34B9-4E24-B65B-3952DAEF25FD",
"versionEndExcluding": "8.4\\(1a\\)",
"versionStartIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:mds_9132t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56426D35-FCFD-406E-9144-2E66C8C86EFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9148s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D25FA4A8-408B-4E94-B7D9-7DC54B61322F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9148t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "831B6D0F-A975-4CBA-B5BB-0AC4AD718FE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A72BDC4-6640-45CC-A128-0CDEE38D3ADC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9216a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90094569-AA2C-4D35-807F-9551FACE255F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9216i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "306AFBC9-A236-4D03-A1EB-CE7E838D8415",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9222i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12DB1A25-A7C9-412F-88BC-E89588896395",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9506:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3925D2CF-9D7C-4498-8AF2-45E15D5D009F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9509:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C677D356-86C9-4491-A6CA-5E6306B2BB70",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9513:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28A3C579-7AAD-41A4-947F-CCB9B09402A5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9706:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5182CB50-4D32-4835-B1A8-817D989F919F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36B3B617-7554-4C36-9B41-19AA3BD2F6E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9718:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B88879A9-A7F5-41E0-8A38-0E09E3FD27F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33FD38EF-3B47-4739-BF0B-FC50D8520DBC",
"versionEndExcluding": "5.2\\(1\\)sv5\\(1.3\\)",
"versionStartIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_1000ve:-:*:*:*:*:vsphere:*:*",
"matchCriteriaId": "707970E0-8B5F-4C9D-A1C2-6AF4286CFE2F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4832A094-92DB-402F-AF05-34B3A7C7CA0E",
"versionEndIncluding": "5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_1000v:-:*:*:*:*:hyper-v:*:*",
"matchCriteriaId": "69E1B4D2-4200-4C05-9E64-57A18823AF38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE8F16B-D59C-43C7-BECA-3D62B609AB94",
"versionEndExcluding": "5.2\\(1\\)sv3\\(4.1b\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_1000v:-:*:*:*:*:vsphere:*:*",
"matchCriteriaId": "30E0EDCF-CF41-4DEA-85E6-C39F49B03F31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D562562-099B-47D6-8A27-592960AEDB5C",
"versionEndExcluding": "9.3\\(2\\)",
"versionStartIncluding": "7.0\\(3\\)f2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBBBECB4-431D-42AE-9A15-E1B8C7186EE2",
"versionEndExcluding": "7.0\\(3\\)i7\\(8\\)",
"versionStartIncluding": "7.0\\(3\\)i",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528ED62B-D739-4E06-AC64-B506FD73BBAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76C10D85-88AC-4A79-8866-BED88A0F8DF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E930332-CDDD-48D5-93BC-C22D693BBFA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF4B8FE-E134-4491-B5C2-C1CFEB64731B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4226DA0-9371-401C-8247-E6E636A116C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7664666F-BCE4-4799-AEEA-3A73E6AD33F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DBBFE9-835C-4411-8492-6006E74BAC65",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3293438-3D18-45A2-B093-2C3F65783336",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F43B770-D96C-44EA-BC12-9F39FC4317B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7817F4E6-B2DA-4F06-95A4-AF329F594C02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB9DD73-E31D-4921-A6D6-E14E04703588",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4532F513-0543-4960-9877-01F23CA7BA1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B43502B-FD53-465A-B60F-6A359C6ACD99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3172tq-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3229124-B097-4AAC-8ACD-2F9C89DCC3AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3232c_:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D008CA1C-6F5A-40EA-BB12-A9D84D5AF700",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24FBE87B-8A4F-43A8-98A3-4A7D9C630937",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACD09AC-8B28-4ACB-967B-AB3D450BC137",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3408-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D397349-CCC6-479B-9273-FB1FFF4F34F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7286A7-780F-4A45-940A-4AD5C9D0F201",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3432d-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7AF8D7-431B-43CE-840F-CC0817D159C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3464c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC204C8-1A5A-4E85-824E-DC9B8F6A802D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF5AF71-15DF-4151-A1CF-E138A7103FC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10F80A72-AD54-4699-B8AE-82715F0B58E2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9354B6A2-D7D6-442E-BF4C-FE8A336D9E94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*",
"matchCriteriaId": "088C0323-683A-44F5-8D42-FF6EC85D080E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74CB4002-7636-4382-B33E-FBA060A13C34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10CEBF73-3EE0-459A-86C5-F8F6243FE27C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_36180yc-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95D2C4C3-65CE-4612-A027-AF70CEFC3233",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57572E4A-78D5-4D1A-938B-F05F01759612",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD9C1F1-8582-4F67-A77D-97CBFECB88B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4283E433-7F8C-4410-B565-471415445811",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80AB6FB-32FD-43D7-A9F1-80FA47696210",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B2E4C1-2627-4B9D-8E92-4B483F647651",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "557ED31C-C26A-4FAE-8B14-D06B49F7F08B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11411BFD-3F4D-4309-AB35-A3629A360FB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E663DE91-C86D-48DC-B771-FA72A8DF7A7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A90184B3-C82F-4CE5-B2AD-97D5E4690871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07DE6F63-2C7D-415B-8C34-01EC05C062F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F423E45D-A6DD-4305-9C6A-EAB26293E53A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E952A96A-0F48-4357-B7DD-1127D8827650",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70D81F1-8B12-4474-9060-B4934D8A3873",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7349D69B-D8FA-4462-AA28-69DD18A652D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91231DC6-2773-4238-8C14-A346F213B5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF88547-BAF4-47B0-9F60-80A30297FCEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "113772B6-E9D2-4094-9468-3F4E1A87D07D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C45A38D6-BED6-4FEF-AD87-A1E813695DE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FC2B1F-232E-4754-8076-CC82F3648730",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "785FD17C-F32E-4042-9DDE-A89B3AAE0334",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63842B25-8C32-4988-BBBD-61E9CB09B4F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4364ADB9-8162-451D-806A-B98924E6B2CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B53BCB42-ED61-4FCF-8068-CB467631C63C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49E0371B-FDE2-473C-AA59-47E1269D050F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "489D11EC-5A18-4F32-BC7C-AC1FCEC27222",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC5293E-F2B4-46DC-85DA-167EA323FCFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA022E77-6557-4A33-9A3A-D028E2DB669A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80E4C5F7-050A-40D8-B087-5F7597B97EEA",
"versionEndExcluding": "7.3\\(6\\)n1\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5519EA9-1236-4F51-9974-E3FC1B26B5D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1766443C-1C5A-486E-A36F-D3045F364D78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB6E612-4246-4408-B3F6-B31E771F5ACB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91B129B2-2B31-4DE0-9F83-CC6E0C8729A0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBD3CD0-B542-4B23-9C9D-061643BE44E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A22A2647-A4C0-4681-BBC5-D95ADBAA0457",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2BB1A3A-668C-4B0D-8AC2-6B4758B3420B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D74A33-E46C-4A26-AEFF-A9064415F89E",
"versionEndExcluding": "6.2\\(24\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA088812-07C5-47BF-9CB1-66D2E4E6D27C",
"versionEndExcluding": "7.3\\(5\\)d1\\(1\\)",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8934F95-3C91-4499-ACA3-8C22DA785ED5",
"versionEndExcluding": "8.2\\(5\\)",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66360174-9C40-4147-A94C-8007021C55A5",
"versionEndExcluding": "8.4\\(2\\)",
"versionStartIncluding": "8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97BA8B03-822E-4544-89A0-23608D635DA7",
"versionEndExcluding": "13.2\\(9b\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A415FC0-EC1A-4172-B88E-5AC3BEE291BE",
"versionEndExcluding": "14.2\\(1j\\)",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:nexus_9000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD9C1F1-8582-4F67-A77D-97CBFECB88B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4283E433-7F8C-4410-B565-471415445811",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F80AB6FB-32FD-43D7-A9F1-80FA47696210",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B2E4C1-2627-4B9D-8E92-4B483F647651",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_92348gc-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "557ED31C-C26A-4FAE-8B14-D06B49F7F08B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11411BFD-3F4D-4309-AB35-A3629A360FB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E663DE91-C86D-48DC-B771-FA72A8DF7A7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A90184B3-C82F-4CE5-B2AD-97D5E4690871",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07DE6F63-2C7D-415B-8C34-01EC05C062F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F423E45D-A6DD-4305-9C6A-EAB26293E53A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E952A96A-0F48-4357-B7DD-1127D8827650",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F70D81F1-8B12-4474-9060-B4934D8A3873",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7349D69B-D8FA-4462-AA28-69DD18A652D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91231DC6-2773-4238-8C14-A346F213B5E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF88547-BAF4-47B0-9F60-80A30297FCEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*",
"matchCriteriaId": "113772B6-E9D2-4094-9468-3F4E1A87D07D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C45A38D6-BED6-4FEF-AD87-A1E813695DE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1FC2B1F-232E-4754-8076-CC82F3648730",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9336pq_aci_spine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "785FD17C-F32E-4042-9DDE-A89B3AAE0334",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63842B25-8C32-4988-BBBD-61E9CB09B4F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4364ADB9-8162-451D-806A-B98924E6B2CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B53BCB42-ED61-4FCF-8068-CB467631C63C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49E0371B-FDE2-473C-AA59-47E1269D050F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "489D11EC-5A18-4F32-BC7C-AC1FCEC27222",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC5293E-F2B4-46DC-85DA-167EA323FCFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA022E77-6557-4A33-9A3A-D028E2DB669A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:ucs_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BA5E06-2264-4292-93E5-D32A2D81600E",
"versionEndExcluding": "3.2\\(3m\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ucs_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C79BC0D-B86C-452B-B6CA-F93E938B707F",
"versionEndExcluding": "4.0\\(4g\\)",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ucs_6248up:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49112D3F-DFAD-4E71-992B-9E0640FA388C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ucs_6296up:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38A1D8F2-A4A6-4BAC-8326-9F9DE9572FA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ucs_6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BCF41B-A617-4563-8D14-E906411354FB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ucs_6324:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B82093C6-B36D-4E4E-AD7F-8C107646B8D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ucs_64108:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC04D48B-8B2F-45E1-A445-A87E92E790B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ucs_6454:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD096B7-6F8E-4E48-9EC4-9A10AA7D9AA0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n de Cisco Discovery Protocol para Cisco FXOS Software, Cisco IOS XR Software y Cisco NX-OS Software, podr\u00eda permitir a un atacante adyacente no autenticado causar una recarga de un dispositivo afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad es debido a una falta de comprobaci\u00f3n cuando el software afectado procesa los mensajes de Cisco Discovery Protocol. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete malicioso de Cisco Discovery Protocol hacia un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante agotar la memoria del sistema, causando que el dispositivo se recargue. Cisco Discovery Protocol es un protocolo de Capa 2. Para explotar esta vulnerabilidad, un atacante debe encontrarse en el mismo dominio de difusi\u00f3n que el dispositivo afectado (Capa 2 adyacente)."
}
],
"id": "CVE-2020-3120",
"lastModified": "2024-11-21T05:30:22.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0,
"source": "psirt@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T18:15:11.063",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-fxnxos-iosxr-cdp-dos"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-13 17:15
Modified
2025-08-05 14:41
Severity ?
Summary
A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.
This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E1ED2B72-A65C-47E4-87B3-D83F29428396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "FC973609-4C39-4B38-A5E3-94C841F89E02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*",
"matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A972EFE-4F7E-4BFC-8631-66A2D16B74A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5501-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B254955-C485-45D7-A19B-E78CE1D997AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F72AEF0-EE70-40F8-B52B-1390820B87BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5502-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C7B71A-2559-4E90-BAAA-C6FAAFE35FC3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5504:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC4E089-296D-4C19-BF21-DDF2501DD77C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5508:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43D21B01-A754-474F-8E46-14D733AB307E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_5516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17D6424C-972F-459C-B8F7-04FFD9F541BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-24h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "281FC7F6-C3E2-405F-83C4-A0AD7ECAF213",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA339C23-841E-44A0-A6F5-B12B904A000E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-24q6h-ss:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C57DBC4F-102C-490D-B69D-7E21CF0C7F60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-36h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7440BF48-60A5-4BF2-8D75-63E3AF3ACCC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-36h-se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A64CD22-3E53-4848-B526-DAAAB427626A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a1-48q6h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98157A1D-224F-4BF0-9AA9-07CB1807AD12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-hd-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A94BAC7E-F0F9-4E20-9DBE-C1E13585BE7A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0874ECF-6237-44EE-BFA6-E639AAD43F68",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_55a2-mod-se-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DD4339-512E-4422-93F4-CEF836FF1EDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB01E968-E838-4D3C-B603-BF7E4E0F8A2C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_560-7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08864A59-0840-4407-8D30-9CE34BAF05E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el procesamiento de la lista de control de acceso (ACL) en interfaces Pseudowire en la direcci\u00f3n de ingreso del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe a una asignaci\u00f3n incorrecta de claves de b\u00fasqueda a contextos de interfaz interna. Un atacante podr\u00eda aprovechar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante acceder a recursos detr\u00e1s del dispositivo afectado que se supon\u00eda estaban protegidos por una ACL configurada."
}
],
"id": "CVE-2024-20322",
"lastModified": "2025-08-05T14:41:53.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-03-13T17:15:48.407",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-10 16:15
Modified
2025-08-04 17:44
Severity ?
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device.
This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:24.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D64E1C4D-46B0-4A18-B8EE-BEA732CBF1F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*",
"matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97D1123D-39F9-4D22-99CE-F28CA57FE191",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1014:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E3F337-0CF5-456E-B313-DC3ED4BF9D9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device.\r\n\r This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system\u0026rsquo;s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el proceso de arranque del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado con altos privilegios omita la funcionalidad de arranque seguro de Cisco y cargue software no verificado en un dispositivo afectado. Para aprovechar esto con \u00e9xito, el atacante debe tener privilegios de system root en el dispositivo afectado. Esta vulnerabilidad se debe a un error en el proceso de compilaci\u00f3n del software. Un atacante podr\u00eda aprovechar esta vulnerabilidad manipulando las opciones de configuraci\u00f3n del sistema para omitir algunas de las comprobaciones de integridad que se realizan durante el proceso de arranque. Un exploit exitoso podr\u00eda permitir al atacante controlar la configuraci\u00f3n de arranque, lo que podr\u00eda permitirle eludir el requisito de ejecutar im\u00e1genes firmadas de Cisco o alterar las propiedades de seguridad del sistema en ejecuci\u00f3n."
}
],
"id": "CVE-2024-20456",
"lastModified": "2025-08-04T17:44:16.417",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-07-10T16:15:03.703",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-12 16:15
Modified
2025-08-06 17:04
Severity ?
Summary
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.
This vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.
Note: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC4CBFD-BFB8-4D89-B5F7-3CBD156778A7",
"versionEndExcluding": "7.11.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAF5A0C-D731-4BE1-AAD8-88ADDB8A65DE",
"versionEndExcluding": "24.2.2",
"versionStartIncluding": "24.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C9D6AD9-652C-491A-9B61-04691D82BBBE",
"versionEndExcluding": "24.3.2",
"versionStartIncluding": "24.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:24.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCE9AC2-F70A-4B54-8B1C-8F28E4FB32D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:8011-4g24y4h-i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C422517-1BC8-4BCE-97E8-A2C165C7BB64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "437EBDAF-0633-409C-9EA4-DAD099D553B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8153C555-9AF4-4793-8F27-B01F1B3D76B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-28fh-dpu-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0229018-3C4A-4174-B50F-F352FB1CCF9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B14EC7C-4916-49C8-B919-E0149A4C44BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8111-32eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0443E9-9309-4503-9D21-ED5359F87E71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64eh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9911F911-E322-4B0F-B31A-8FDA80D7AE5B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8122-64ehf-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA5968D-7167-4D7D-A055-6F3C8023B496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-24h8fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A554611-6B1B-482E-AF77-CD032EA7A978",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh-o:-:*:*:*:*:*:*:*",
"matchCriteriaId": "321767C3-BEBB-4A70-A4BF-4EED7E6669D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17EF50F5-0A9F-4649-BEBB-1F181E27C5B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8212-48fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59AB5F5A-2346-4F4B-A6ED-1884C5BE9353",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8404:-:*:*:*:*:*:*:*",
"matchCriteriaId": "540DCD6A-722D-4173-8046-885FEFA23A14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8501-sys-mt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18A5A74F-458A-4D51-B487-949E637E58AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8608:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58B8D161-2D5E-4BD8-9518-B2FAB73ADEEE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "115B1C4A-A508-4F22-8E15-545AB4301017",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8711-32fh-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DF4211-FC4B-4A4A-9154-D64F0B84EEA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8712-mod-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3432E52B-6914-4DF2-8D7C-C19A435BF542",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6655851F-58D9-49D9-A56E-8440A7F7BB45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E2AE67-DED3-4414-A194-386ADB2C8DC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3920133A-684D-4A9F-B65A-FF4EAE5052E5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED06361-5A68-4656-AEA5-240C290594CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97D1123D-39F9-4D22-99CE-F28CA57FE191",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_1014:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E3F337-0CF5-456E-B313-DC3ED4BF9D9B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5494B4B-0BB4-48AE-8B0D-04DE649F9313",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-12z20g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3A0C835-6C98-4AB6-89FF-C27117BB6B12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q2c2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24550EBB-6FEE-4916-B58A-5FD8E45E962B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24q8l2dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD71DBE-AE18-49FA-826E-52D87A73F496",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-24z8q2c-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "395F25CD-FDF5-48D7-A048-A6B4F4779EC9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E926BBC-F5C5-4D02-8A62-F1A5DE3C54DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-28z4c-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB1323A-C472-4EA1-A969-1D1C10AB0CE8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z14s-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A64FB4E3-4393-4A89-B6FB-E990D33427C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E585D1-F2E7-4CBE-ACA2-6552ACDF492A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44BB03A0-9152-444B-B5CD-70F4CBD53D03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "124CE49C-1C2B-40A5-8F59-7A223766E12F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-agg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7DFE35-76BA-4BAE-9C4B-0625DAE573B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540-fh-csr-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1645EAA7-0847-4418-BA9B-FA8E36B59626",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F3D33-0674-4F74-AEA9-BC824D8536F5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-12z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "784A450D-8DCA-43E5-8044-A9F2363FB006",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92E88ED4-C2AF-407C-A395-3D7806D68758",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z4g8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA11E43-F821-45F6-A2DB-E1EBC8BDE68B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-16z8q2c-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93F10D9-CF79-4DF2-964C-D423D1C1D993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A52A23CF-2D33-46CD-9784-D54826F63C71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-4z14g2q-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB9BD2FE-BADB-489F-B832-2EF53F8679E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42610AAA-9830-44C3-8D1D-2433FCA0541B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-6z18g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31CE816F-858C-421A-99D1-FCD4BB5FAD47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4A522F-560C-438D-AB68-BF0175C06F78",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-8z16g-sys-d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A405E23C-24BC-42C8-99DB-D8E5EFD98261",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_540x-acc-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "871D84C5-71EE-4B82-A48C-A1CC68DA332A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-5dse-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "13EEDD1C-25BC-4AFA-AF60-66DE36927528",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57b1-6d24-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD3B06B-864E-4A35-B0C3-1654390022D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c1-48q6-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD1B4F37-5AAA-4F40-8865-226289CB5CEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57c3-mod-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "355F78C3-C07F-48C3-9B6E-55714EAA7331",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ncs_57d2-18dd-sys:-:*:*:*:*:*:*:*",
"matchCriteriaId": "976AC38F-5873-41ED-82B6-31C22FCC6BEE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR image signature verification and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.\r\n\r\nThis vulnerability is due to incomplete validation of files in the boot verification process. An attacker could exploit this vulnerability by manipulating the system configuration options to bypass some of the integrity checks that are performed during the boot process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass the requirement to run Cisco-signed images or alter the security properties of the running system.\r\nNote: Because exploitation of this vulnerability could result in the attacker bypassing Cisco image verification, Cisco has raised the Security Impact Rating (SIR) of this advisory from Medium to High."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el proceso de arranque del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado omita la verificaci\u00f3n de la firma de la imagen de Cisco IOS XR e instale software no verificado en un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debe tener privilegios de administrador en el dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incompleta de los archivos durante el proceso de verificaci\u00f3n de arranque. Un atacante podr\u00eda explotarla manipulando las opciones de configuraci\u00f3n del sistema para omitir algunas de las comprobaciones de integridad que se realizan durante el proceso de arranque. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante controlar la configuraci\u00f3n de arranque, lo que podr\u00eda permitirle omitir el requisito de ejecutar im\u00e1genes firmadas por Cisco o alterar las propiedades de seguridad del sistema en ejecuci\u00f3n. Nota: Dado que la explotaci\u00f3n de esta vulnerabilidad podr\u00eda provocar que el atacante omita la verificaci\u00f3n de la imagen de Cisco, Cisco ha elevado la calificaci\u00f3n de impacto de seguridad (SIR) de este aviso de media a alta."
}
],
"id": "CVE-2025-20177",
"lastModified": "2025-08-06T17:04:34.603",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Primary"
}
]
},
"published": "2025-03-12T16:15:22.347",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Product"
],
"url": "https://blog.apnic.net/2024/09/02/crafting-endless-as-paths-in-bgp/"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xr-verii-bypass-HhPwQRvx"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-274"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}