5.9

CVE-2024-20265

A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.

 This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellercisco
Produkt aironet_access_point_software
Default Statusunknown
Version <= 8.10.185.0
Version 8.2.100.0
Status affected
Herstellercisco
Produkt business_wireless_access_point_software
Default Statusunknown
Version <= 10.8.1.0
Version 10.0.1.0
Status affected
Herstellercisco
Produkt aironet_access_point_software
Default Statusunknown
Version <= 17.11.1
Version 16.10.1
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.021
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@cisco.com 5.9 0.7 5.2
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-501 Trust Boundary Violation

The product mixes trusted and untrusted data in the same data structure or structured message.