CVE-2020-3284: Improper Access Control in Cisco A99-rp2-se Firmware

Severity
9.8 CRITICAL (NVD)
EPSS
4.6%
top 10.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 6
Latest update: May 24

Description

A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a sof

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 45 packages

NVD: cisco/ios_xr 7.0.0, 7.0.2 +5

🔴 Vulnerability Details (2)

GHSA
GHSA-5xjq-f58j-4hph: A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remot (2022-05-24)
CVEList
Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability (2020-11-06)

📋 Vendor Advisories (1)

Cisco
Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability (2020-11-04)