CVE-2024-20456

MEDIUM EPSS 8.9%

Published Jul 10, 20241y ago · Modified Jun 17, 20261w ago

6.7 CVSS 3.1

Medium

Published Jul 10, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device. This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.

CVSS Details

Base Score

6.7

Exploitability

0.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

8.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-732

Affected Products 59

Vendor	Product	Version	Range
cisco	ios_xr	24.2.1	any
cisco	8011-4g24y4h-i	*	any
cisco	8101-32fh	*	any
cisco	8101-32fh-o	*	any
cisco	8101-32h-o	*	any
cisco	8102-28fh-dpu-o	*	any
cisco	8102-64h	*	any
cisco	8102-64h-o	*	any
cisco	8111-32eh-o	*	any
cisco	8122-64eh-o	*	any
cisco	8122-64ehf-o	*	any
cisco	8201	*	any
cisco	8201-24h8fh	*	any
cisco	8201-32fh	*	any
cisco	8201-32fh-o	*	any
cisco	8202	*	any
cisco	8202-32fh-m	*	any
cisco	8212-48fh-m	*	any
cisco	8404	*	any
cisco	8501-sys-mt	*	any
cisco	8608	*	any
cisco	8700	*	any
cisco	8711-32fh-m	*	any
cisco	8712-mod-m	*	any
cisco	8804	*	any
cisco	8808	*	any
cisco	8812	*	any
cisco	8818	*	any
cisco	ncs_1010	*	any
cisco	ncs_1014	*	any
cisco	ncs_540-12z20g-sys-a	*	any
cisco	ncs_540-12z20g-sys-d	*	any
cisco	ncs_540-24q2c2dd-sys	*	any
cisco	ncs_540-24q8l2dd-sys	*	any
cisco	ncs_540-24z8q2c-sys	*	any
cisco	ncs_540-28z4c-sys-a	*	any
cisco	ncs_540-28z4c-sys-d	*	any
cisco	ncs_540-6z14s-sys-d	*	any
cisco	ncs_540-6z18g-sys-a	*	any
cisco	ncs_540-6z18g-sys-d	*	any
cisco	ncs_540-acc-sys	*	any
cisco	ncs_540-fh-agg	*	any
cisco	ncs_540-fh-csr-sys	*	any
cisco	ncs_540x-12z16g-sys-a	*	any
cisco	ncs_540x-12z16g-sys-d	*	any
cisco	ncs_540x-16z4g8q2c-a	*	any
cisco	ncs_540x-16z4g8q2c-d	*	any
cisco	ncs_540x-16z8q2c-d	*	any
cisco	ncs_540x-4z14g2q-a	*	any
cisco	ncs_540x-4z14g2q-d	*	any
cisco	ncs_540x-6z18g-sys-a	*	any
cisco	ncs_540x-6z18g-sys-d	*	any
cisco	ncs_540x-8z16g-sys-a	*	any
cisco	ncs_540x-8z16g-sys-d	*	any
cisco	ncs_540x-acc-sys	*	any
cisco	ncs_57b1-5dse-sys	*	any
cisco	ncs_57b1-6d24-sys	*	any
cisco	ncs_57c1-48q6-sys	*	any
cisco	ncs_57d2-18dd-sys	*	any

References 1

sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.