CVE-2020-3209Improper Verification of Cryptographic Signature in Cisco IOS XE Software 3.2.0sg

CWE-347Improper Verification of Cryptographic Signature6 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
0.0%
top 86.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE Software 3.2.0sgCisco IOS XE
Timeline
PublishedJun 3
Latest updateOct 27

Description

A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A suc

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

NVDcisco/ios_xe314 versions+313

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-5m9q-364f-fv6c: A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malici2022-05-24
CVEList
Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability2020-06-03

📋Vendor Advisories

2
CISA ICS
Rockwell Automation Stratix Devices Containing Cisco IOS2022-10-27
Cisco
Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability2020-06-03

💬Community

1
Bugzilla
CVE-2020-14319 amq-on: CSRF (in graphQL requests)2020-07-07
CVE-2020-3209 — Cisco vulnerability | cvebase