A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.
History

Wed, 23 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Cisco ios Xr Software
CPEs cpe:2.3:o:cisco:ios_xr_software:*:*:*:*:*:*:*:*
Vendors & Products Cisco ios Xr Software
Metrics ssvc

{'options': {'Automatable': 'No', 'Exploitation': 'None', 'Technical Impact': 'Total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-09-13T16:39:19.418Z

Updated: 2024-10-23T19:10:48.388Z

Reserved: 2022-10-27T18:47:50.370Z

Link: CVE-2023-20236

cve-icon Vulnrichment

Updated: 2024-08-02T09:05:35.905Z

cve-icon NVD

Status : Modified

Published: 2023-09-13T17:15:09.607

Modified: 2024-11-21T07:40:57.700

Link: CVE-2023-20236

cve-icon Redhat

No data.