4.6
CVE-2023-20064
- EPSS 0.11%
- Published 09.03.2023 22:15:52
- Last modified 21.11.2024 07:40:28
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Ios Xr Version < 7.9.1
Cisco ≫ Asr 9000v-v2 Version- HwPlatformx64
Cisco ≫ Asr 9001 Version- HwPlatformx64
Cisco ≫ Asr 9006 Version- HwPlatformx64
Cisco ≫ Asr 9010 Version- HwPlatformx64
Cisco ≫ Asr 9901 Version- HwPlatformx64
Cisco ≫ Asr 9902 Version- HwPlatformx64
Cisco ≫ Asr 9903 Version- HwPlatformx64
Cisco ≫ Asr 9904 Version- HwPlatformx64
Cisco ≫ Asr 9906 Version- HwPlatformx64
Cisco ≫ Asr 9910 Version- HwPlatformx64
Cisco ≫ Asr 9912 Version- HwPlatformx64
Cisco ≫ Asr 9922 Version- HwPlatformx64
Cisco ≫ Ios Xrv 9000 Version-
Cisco ≫ Ncs 1001 Version-
Cisco ≫ Ncs 1002 Version-
Cisco ≫ Ncs 1004 Version-
Cisco ≫ Asr 9001 Version- HwPlatformx64
Cisco ≫ Asr 9006 Version- HwPlatformx64
Cisco ≫ Asr 9010 Version- HwPlatformx64
Cisco ≫ Asr 9901 Version- HwPlatformx64
Cisco ≫ Asr 9902 Version- HwPlatformx64
Cisco ≫ Asr 9903 Version- HwPlatformx64
Cisco ≫ Asr 9904 Version- HwPlatformx64
Cisco ≫ Asr 9906 Version- HwPlatformx64
Cisco ≫ Asr 9910 Version- HwPlatformx64
Cisco ≫ Asr 9912 Version- HwPlatformx64
Cisco ≫ Asr 9922 Version- HwPlatformx64
Cisco ≫ Ios Xrv 9000 Version-
Cisco ≫ Ncs 1001 Version-
Cisco ≫ Ncs 1002 Version-
Cisco ≫ Ncs 1004 Version-
Cisco ≫ Ios Xr Version < 7.6.1
Cisco ≫ Nc57-18dd-se Version-
Cisco ≫ Nc57-24dd Version-
Cisco ≫ Nc57-36h-se Version-
Cisco ≫ Nc57-36h6d-s Version-
Cisco ≫ Ncs 540 Version-
Cisco ≫ Ncs 540 Fronthaul Version-
Cisco ≫ Ncs 5501 Version-
Cisco ≫ Ncs 5501-se Version-
Cisco ≫ Ncs 5502 Version-
Cisco ≫ Ncs 5502-se Version-
Cisco ≫ Ncs 5508 Version-
Cisco ≫ Ncs 5516 Version-
Cisco ≫ Ncs 560-4 Version-
Cisco ≫ Ncs 560-7 Version-
Cisco ≫ Ncs 57b1-5dse-sys Version-
Cisco ≫ Ncs 57b1-6d24-sys Version-
Cisco ≫ Ncs 57c1-48q6-sys Version-
Cisco ≫ Ncs 57c3-mod-sys Version-
Cisco ≫ Ncs 57c3-mods-sys Version-
Cisco ≫ Nc57-24dd Version-
Cisco ≫ Nc57-36h-se Version-
Cisco ≫ Nc57-36h6d-s Version-
Cisco ≫ Ncs 540 Version-
Cisco ≫ Ncs 540 Fronthaul Version-
Cisco ≫ Ncs 5501 Version-
Cisco ≫ Ncs 5501-se Version-
Cisco ≫ Ncs 5502 Version-
Cisco ≫ Ncs 5502-se Version-
Cisco ≫ Ncs 5508 Version-
Cisco ≫ Ncs 5516 Version-
Cisco ≫ Ncs 560-4 Version-
Cisco ≫ Ncs 560-7 Version-
Cisco ≫ Ncs 57b1-5dse-sys Version-
Cisco ≫ Ncs 57b1-6d24-sys Version-
Cisco ≫ Ncs 57c1-48q6-sys Version-
Cisco ≫ Ncs 57c3-mod-sys Version-
Cisco ≫ Ncs 57c3-mods-sys Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.302 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 0.9 | 3.6 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@cisco.com | 4.6 | 0.9 | 3.6 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.