CVE-2020-3455

CWE-6934 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 80.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Extensible Operating System Cisco Cisco Firepower Extensible Operating System (fxos)

Timeline

PublishedOct 21

Latest updateMay 24

Description

A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by injecting code into a specific file that is then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device whic…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco/cisco_firepower_extensible_operating_system_(fxos)n/a

▶NVDcisco/firepower_extensible_operating_system2.6 — 2.6.1.214+2

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-4c77-wcw2-9gh7: A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms↗2022-05-24

▶

CVEList

Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability↗2020-10-21

▶

📋Vendor Advisories

Cisco

Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability↗2020-10-21

▶