CVE-2024-20456

Severity Score

6.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device.
This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.

Una vulnerabilidad en el proceso de arranque del software Cisco IOS XR podría permitir que un atacante local autenticado con altos privilegios omita la funcionalidad de arranque seguro de Cisco y cargue software no verificado en un dispositivo afectado. Para aprovechar esto con éxito, el atacante debe tener privilegios de system root en el dispositivo afectado. Esta vulnerabilidad se debe a un error en el proceso de compilación del software. Un atacante podría aprovechar esta vulnerabilidad manipulando las opciones de configuración del sistema para omitir algunas de las comprobaciones de integridad que se realizan durante el proceso de arranque. Un exploit exitoso podría permitir al atacante controlar la configuración de arranque, lo que podría permitirle eludir el requisito de ejecutar imágenes firmadas de Cisco o alterar las propiedades de seguridad del sistema en ejecución.

*Credits: N/A

CVSS Scores

Ciscov3.1 6.7

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-11-08 CVE Reserved
2024-07-10 CVE Published
2024-07-11 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-732: Incorrect Permission Assignment for Critical Resource

CAPEC

References (1)

URL	Tag	Source
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Cisco IOS XR Software Search vendor "Cisco" for product "Cisco IOS XR Software"				24.2.1 Search vendor "Cisco" for product "Cisco IOS XR Software" and version "24.2.1"		en		Affected