5.9
CVE-2024-20265
- EPSS 0.02%
- Published 27.03.2024 17:15:51
- Last modified 21.11.2024 08:52:09
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Vendorcisco
≫
Product
aironet_access_point_software
Default Statusunknown
Version <=
8.10.185.0
Version
8.2.100.0
Status
affected
Vendorcisco
≫
Product
business_wireless_access_point_software
Default Statusunknown
Version <=
10.8.1.0
Version
10.0.1.0
Status
affected
Vendorcisco
≫
Product
aironet_access_point_software
Default Statusunknown
Version <=
17.11.1
Version
16.10.1
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.021 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| psirt@cisco.com | 5.9 | 0.7 | 5.2 |
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-501 Trust Boundary Violation
The product mixes trusted and untrusted data in the same data structure or structured message.