{
"data_version" : "4.0" ,
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"CVE_data_meta" : {
"ID" : "CVE-2023-20236" ,
"ASSIGNER" : "psirt@cisco.com" ,
"STATE" : "PUBLIC"
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.\r\n\r\nThis vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Improper Verification of Cryptographic Signature" ,
"cweId" : "CWE-347"
}
]
}
]
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "Cisco" ,
"product" : {
"product_data" : [
{
"product_name" : "Cisco IOS XR Software" ,
"version" : {
"version_data" : [
{
"version_affected" : "=" ,
"version_value" : "5.2.0"
} ,
{
"version_affected" : "=" ,
"version_value" : "5.2.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "5.2.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "5.2.4"
} ,
{
"version_affected" : "=" ,
"version_value" : "5.2.3"
} ,
{
"version_affected" : "=" ,
"version_value" : "5.2.5"
} ,
{
"version_affected" : "=" ,
"version_value" : "5.2.47"
} ,
{
"version_affected" : "=" ,
"version_value" : "5.3.0"
} ,
{
"version_affected" : "=" ,
"version_value" : "5.3.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "5.3.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "5.3.3"
} ,
{
"version_affected" : "=" ,
"version_value" : "5.3.4"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.0.0"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.0.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.0.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.1.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.1.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.1.3"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.1.4"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.1.12"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.1.22"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.1.32"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.1.36"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.1.42"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.2.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.2.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.2.3"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.2.25"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.2.11"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.3.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.3.3"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.3.15"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.4.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.4.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.4.3"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.5.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.5.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.5.3"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.5.25"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.5.26"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.5.28"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.5.29"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.5.32"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.5.33"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.6.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.6.3"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.6.25"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.6.4"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.0.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.0.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.0.12"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.0.14"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.1.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.1.15"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.1.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.1.3"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.7.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.7.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.7.3"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.7.4"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.2.0"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.2.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.2.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.3.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.3.15"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.3.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.3.3"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.3.5"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.4.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.4.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.8.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.8.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.5.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.5.3"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.5.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.5.4"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.6.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.6.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.7.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.7.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.7.21"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.9.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "6.9.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.8.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.8.2"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.9.1"
} ,
{
"version_affected" : "=" ,
"version_value" : "7.9.2"
}
]
}
}
]
}
}
]
}
} ,
"references" : {
"reference_data" : [
{
"url" : "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB" ,
"refsource" : "MISC" ,
"name" : "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB"
}
]
} ,
"source" : {
"advisory" : "cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB" ,
"discovery" : "INTERNAL" ,
"defects" : [
"CSCvz63925" ,
"CSCvz63918" ,
"CSCwe12502" ,
"CSCvz63929" ,
"CSCwi31568" ,
"CSCwh78724" ,
"CSCwi26526" ,
"CSCwh70601" ,
"CSCwh78727" ,
"CSCwj83430" ,
"CSCwj88475"
]
} ,
"exploit" : [
{
"lang" : "en" ,
"value" : "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
] ,
"impact" : {
"cvss" : [
{
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" ,
"baseScore" : 6.7 ,
"baseSeverity" : "MEDIUM" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH"
}
]
}
}