CVE-2020-3455

Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by injecting code into a specific file that is then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device which would be executed at each boot and maintain persistence across reboots.

Una vulnerabilidad en el proceso de arranque seguro de Cisco FXOS Software, podría permitir a un atacante local autenticado omitir los mecanismos de arranque seguro. La vulnerabilidad es debido a unas protecciones insuficientes del proceso de arranque seguro. Un atacante podría explotar esta vulnerabilidad al inyectar código en un archivo específico al que luego se hace referencia durante el proceso de arranque del dispositivo. Una explotación con éxito podría permitir a un atacante romper la cadena de confianza e inyectar código en el proceso de arranque del dispositivo que podría ser ejecutado en cada arranque y mantendría la persistencia entre los reinicios

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2019-12-12 CVE Reserved
2020-10-21 CVE Published
2023-03-08 EPSS Updated
2024-11-13 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-693: Protection Mechanism Failure

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbp-XTuPkYTn	2020-10-28

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4110 Search vendor "Cisco" for product "Firepower 4110"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4112 Search vendor "Cisco" for product "Firepower 4112"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4115 Search vendor "Cisco" for product "Firepower 4115"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4120 Search vendor "Cisco" for product "Firepower 4120"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4125 Search vendor "Cisco" for product "Firepower 4125"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4140 Search vendor "Cisco" for product "Firepower 4140"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4145 Search vendor "Cisco" for product "Firepower 4145"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4150 Search vendor "Cisco" for product "Firepower 4150"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-24 Search vendor "Cisco" for product "Firepower 9300 Sm-24"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-36 Search vendor "Cisco" for product "Firepower 9300 Sm-36"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-40 Search vendor "Cisco" for product "Firepower 9300 Sm-40"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-44 Search vendor "Cisco" for product "Firepower 9300 Sm-44"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-44 X 3 Search vendor "Cisco" for product "Firepower 9300 Sm-44 X 3"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-48 Search vendor "Cisco" for product "Firepower 9300 Sm-48"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-56 Search vendor "Cisco" for product "Firepower 9300 Sm-56"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	< 2.4.1.268 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " < 2.4.1.268"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-56 X 3 Search vendor "Cisco" for product "Firepower 9300 Sm-56 X 3"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4110 Search vendor "Cisco" for product "Firepower 4110"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4112 Search vendor "Cisco" for product "Firepower 4112"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4115 Search vendor "Cisco" for product "Firepower 4115"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4120 Search vendor "Cisco" for product "Firepower 4120"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4125 Search vendor "Cisco" for product "Firepower 4125"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4140 Search vendor "Cisco" for product "Firepower 4140"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4145 Search vendor "Cisco" for product "Firepower 4145"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4150 Search vendor "Cisco" for product "Firepower 4150"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-24 Search vendor "Cisco" for product "Firepower 9300 Sm-24"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-36 Search vendor "Cisco" for product "Firepower 9300 Sm-36"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-40 Search vendor "Cisco" for product "Firepower 9300 Sm-40"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-44 Search vendor "Cisco" for product "Firepower 9300 Sm-44"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-44 X 3 Search vendor "Cisco" for product "Firepower 9300 Sm-44 X 3"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-48 Search vendor "Cisco" for product "Firepower 9300 Sm-48"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-56 Search vendor "Cisco" for product "Firepower 9300 Sm-56"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.6 < 2.6.1.214 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.6 < 2.6.1.214"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-56 X 3 Search vendor "Cisco" for product "Firepower 9300 Sm-56 X 3"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4110 Search vendor "Cisco" for product "Firepower 4110"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4112 Search vendor "Cisco" for product "Firepower 4112"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4115 Search vendor "Cisco" for product "Firepower 4115"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4120 Search vendor "Cisco" for product "Firepower 4120"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4125 Search vendor "Cisco" for product "Firepower 4125"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4140 Search vendor "Cisco" for product "Firepower 4140"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4145 Search vendor "Cisco" for product "Firepower 4145"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 4150 Search vendor "Cisco" for product "Firepower 4150"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-24 Search vendor "Cisco" for product "Firepower 9300 Sm-24"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-36 Search vendor "Cisco" for product "Firepower 9300 Sm-36"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-40 Search vendor "Cisco" for product "Firepower 9300 Sm-40"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-44 Search vendor "Cisco" for product "Firepower 9300 Sm-44"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-44 X 3 Search vendor "Cisco" for product "Firepower 9300 Sm-44 X 3"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-48 Search vendor "Cisco" for product "Firepower 9300 Sm-48"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-56 Search vendor "Cisco" for product "Firepower 9300 Sm-56"	-	-	Safe
Cisco Search vendor "Cisco"	Firepower Extensible Operating System Search vendor "Cisco" for product "Firepower Extensible Operating System"	>= 2.7 < 2.7.1.131 Search vendor "Cisco" for product "Firepower Extensible Operating System" and version " >= 2.7 < 2.7.1.131"	-	Affected	in	Cisco Search vendor "Cisco"	Firepower 9300 Sm-56 X 3 Search vendor "Cisco" for product "Firepower 9300 Sm-56 X 3"	-	-	Safe