CVE-2023-20236
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.
This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.
Una vulnerabilidad en la función de arranque iPXE del software Cisco IOS XR podría permitir que un atacante local autenticado instale una imagen de software no verificada en un dispositivo afectado. Esta vulnerabilidad se debe a una verificación de imagen insuficiente. Un atacante podría aprovechar esta vulnerabilidad manipulando los parámetros de arranque para la verificación de imágenes durante el proceso de arranque iPXE en un dispositivo afectado. Una explotación exitosa podría permitir al atacante iniciar una imagen de software no verificada en el dispositivo afectado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-10-27 CVE Reserved
- 2023-09-13 CVE Published
- 2023-09-14 EPSS Updated
- 2024-10-23 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-345: Insufficient Verification of Data Authenticity
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8201 Search vendor "Cisco" for product "8201" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8202 Search vendor "Cisco" for product "8202" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8208 Search vendor "Cisco" for product "8208" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8212 Search vendor "Cisco" for product "8212" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8218 Search vendor "Cisco" for product "8218" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8804 Search vendor "Cisco" for product "8804" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8808 Search vendor "Cisco" for product "8808" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8812 Search vendor "Cisco" for product "8812" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8818 Search vendor "Cisco" for product "8818" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | 8831 Search vendor "Cisco" for product "8831" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9000 Search vendor "Cisco" for product "Asr 9000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9000v Search vendor "Cisco" for product "Asr 9000v" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9001 Search vendor "Cisco" for product "Asr 9001" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9006 Search vendor "Cisco" for product "Asr 9006" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9010 Search vendor "Cisco" for product "Asr 9010" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9901 Search vendor "Cisco" for product "Asr 9901" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9902 Search vendor "Cisco" for product "Asr 9902" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9903 Search vendor "Cisco" for product "Asr 9903" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9904 Search vendor "Cisco" for product "Asr 9904" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9906 Search vendor "Cisco" for product "Asr 9906" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9910 Search vendor "Cisco" for product "Asr 9910" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9912 Search vendor "Cisco" for product "Asr 9912" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9920 Search vendor "Cisco" for product "Asr 9920" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9922 Search vendor "Cisco" for product "Asr 9922" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 1001 Search vendor "Cisco" for product "Ncs 1001" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 1002 Search vendor "Cisco" for product "Ncs 1002" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 1004 Search vendor "Cisco" for product "Ncs 1004" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 4009 Search vendor "Cisco" for product "Ncs 4009" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 4016 Search vendor "Cisco" for product "Ncs 4016" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 4201 Search vendor "Cisco" for product "Ncs 4201" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 4202 Search vendor "Cisco" for product "Ncs 4202" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 4206 Search vendor "Cisco" for product "Ncs 4206" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 4216 Search vendor "Cisco" for product "Ncs 4216" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5001 Search vendor "Cisco" for product "Ncs 5001" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5002 Search vendor "Cisco" for product "Ncs 5002" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5011 Search vendor "Cisco" for product "Ncs 5011" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 540 Search vendor "Cisco" for product "Ncs 540" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5500 Search vendor "Cisco" for product "Ncs 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501 Search vendor "Cisco" for product "Ncs 5501" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5501 Search vendor "Cisco" for product "Ncs 5501" | se Search vendor "Cisco" for product "Ncs 5501" and version "se" | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502 Search vendor "Cisco" for product "Ncs 5502" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5502 Search vendor "Cisco" for product "Ncs 5502" | se Search vendor "Cisco" for product "Ncs 5502" and version "se" | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5504 Search vendor "Cisco" for product "Ncs 5504" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5508 Search vendor "Cisco" for product "Ncs 5508" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 5516 Search vendor "Cisco" for product "Ncs 5516" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 560 Search vendor "Cisco" for product "Ncs 560" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 560-4 Search vendor "Cisco" for product "Ncs 560-4" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 560-7 Search vendor "Cisco" for product "Ncs 560-7" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 57b1-5dse-sys Search vendor "Cisco" for product "Ncs 57b1-5dse-sys" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 57b1-6d24-sys Search vendor "Cisco" for product "Ncs 57b1-6d24-sys" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 57c1-48q6-sys Search vendor "Cisco" for product "Ncs 57c1-48q6-sys" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 57c3-mod-sys Search vendor "Cisco" for product "Ncs 57c3-mod-sys" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | < 7.10.1 Search vendor "Cisco" for product "Ios Xr" and version " < 7.10.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ncs 57c3-mods-sys Search vendor "Cisco" for product "Ncs 57c3-mods-sys" | - | - |
Safe
|