CVE-2024-20456

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device. This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-10 16:15

Updated : 2024-07-11 13:05

NVD link : CVE-2024-20456

Mitre link : CVE-2024-20456

CVE.ORG link : CVE-2024-20456

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2024-20456", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2024-07-10T16:15:03.703", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap", "source": "ykramarz@cisco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device.\r\n\r This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system."}, {"lang": "es", "value": "Una vulnerabilidad en el proceso de arranque del software Cisco IOS XR podr\u00eda permitir que un atacante local autenticado con altos privilegios omita la funcionalidad de arranque seguro de Cisco y cargue software no verificado en un dispositivo afectado. Para aprovechar esto con \u00e9xito, el atacante debe tener privilegios de system root en el dispositivo afectado. Esta vulnerabilidad se debe a un error en el proceso de compilaci\u00f3n del software. Un atacante podr\u00eda aprovechar esta vulnerabilidad manipulando las opciones de configuraci\u00f3n del sistema para omitir algunas de las comprobaciones de integridad que se realizan durante el proceso de arranque. Un exploit exitoso podr\u00eda permitir al atacante controlar la configuraci\u00f3n de arranque, lo que podr\u00eda permitirle eludir el requisito de ejecutar im\u00e1genes firmadas de Cisco o alterar las propiedades de seguridad del sistema en ejecuci\u00f3n."}], "lastModified": "2024-07-11T13:05:54.930", "sourceIdentifier": "ykramarz@cisco.com"}