4.6

CVE-2023-20064

A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIos Xr Version < 7.9.1
   CiscoAsr 9000v-v2 Version- HwPlatformx64
   CiscoAsr 9001 Version- HwPlatformx64
   CiscoAsr 9006 Version- HwPlatformx64
   CiscoAsr 9010 Version- HwPlatformx64
   CiscoAsr 9901 Version- HwPlatformx64
   CiscoAsr 9902 Version- HwPlatformx64
   CiscoAsr 9903 Version- HwPlatformx64
   CiscoAsr 9904 Version- HwPlatformx64
   CiscoAsr 9906 Version- HwPlatformx64
   CiscoAsr 9910 Version- HwPlatformx64
   CiscoAsr 9912 Version- HwPlatformx64
   CiscoAsr 9922 Version- HwPlatformx64
   CiscoIos Xrv 9000 Version-
   CiscoNcs 1001 Version-
   CiscoNcs 1002 Version-
   CiscoNcs 1004 Version-
CiscoIos Xr Version < 7.6.1
   CiscoNc57-18dd-se Version-
   CiscoNc57-24dd Version-
   CiscoNc57-36h-se Version-
   CiscoNc57-36h6d-s Version-
   CiscoNcs 540 Version-
   CiscoNcs 540 Fronthaul Version-
   CiscoNcs 5501 Version-
   CiscoNcs 5501-se Version-
   CiscoNcs 5502 Version-
   CiscoNcs 5502-se Version-
   CiscoNcs 5508 Version-
   CiscoNcs 5516 Version-
   CiscoNcs 560-4 Version-
   CiscoNcs 560-7 Version-
   CiscoNcs 57b1-5dse-sys Version-
   CiscoNcs 57b1-6d24-sys Version-
   CiscoNcs 57c1-48q6-sys Version-
   CiscoNcs 57c3-mod-sys Version-
   CiscoNcs 57c3-mods-sys Version-
CiscoIos Xr Version < 7.7.1
   CiscoNcs 5001 Version-
   CiscoNcs 5002 Version-
   CiscoNcs 5011 Version-
CiscoIos Xr
   CiscoNcs 6000 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.302
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 0.9 3.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@cisco.com 4.6 0.9 3.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.