CVE-2020-3284
CVSS 3.1 base score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a software image are not properly verified. An attacker could exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one. Alternatively, the attacker could impersonate the PXE boot server and send a PXE boot reply with a malicious file. A successful exploit could allow the attacker to execute unsigned code on the affected device. Note: To fix this vulnerability, both the Cisco IOS XR Software and the BIOS must be upgraded. The BIOS code is included in Cisco IOS XR Software but might require additional installation steps. For further information, see the Fixed Software section of this advisory.
Affected (49)
Products: Cisco: A9k Rsp880 Se Firmware, A9k Rsp880 Tr Firmware, A99 Rp2 Se Firmware, A99 Rp2 Tr Firmware, A99 Rsp Se Firmware, A99 Rsp Tr Firmware, A9k Rsp880 Lt Se Firmware, A9k Rsp880 Lt Tr Firmware, Asr 9901 Rp Firmware, A99 Rp3 Se Firmware, A99 Rp3 Tr Firmware, A9k Rsp5 Se Firmware, A9k Rsp5 Tr Firmware, Ncs1001 Firmware, Ncs1002 Firmware, Ncs1004 Firmware, N540 12z20g Sys A/d Firmware, N540 24z8q2c M Firmware, N540 28z4c Sys A/d Firmware, N540 Acc Sys Firmware, N540x 16z4g8q2c A/d Firmware, N540x 12z16g Sys A/d Firmware, Ios Xr, N560 4 Sys Firmware, N560 7 Sys Firmware, Ncs5001 Firmware, Ncs5002 Firmware, Ncs5011 Firmware, Nc55 Rp Firmware, Nc55 Rp E Firmware, Ncs 5501 Firmware, Ncs 5501 Se Firmware, Ncs 5502 Firmware, Ncs 5502 Se Firmware, Ncs 55a2 Mod S Firmware, Ncs 55a2 Mod Hd S Firmware, Ncs 55a2 Mod Hx S Firmware, Ncs 55a2 Mod Se S Firmware, Ncs 55a2 Mod Se H S Firmware, Ncs 55a1 36h Se S Firmware, Ncs 55a1 36h S Firmware, Ncs 55a1 24h Firmware, Ncs55 A1 48q6h Firmware, Ncs 55a1 24q6h S Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.65 |
| Running on/with | Platform Versions |
|---|---|
| Cisco A9k Rsp880 Se | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 10.65 |
| Running on/with | Platform Versions |
|---|---|
| Cisco A9k Rsp880 Tr | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.35 |
| Running on/with | Platform Versions |
|---|---|
| Cisco A99 Rp2 Se | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.35 |
| Running on/with | Platform Versions |
|---|---|
| Cisco A99 Rp2 Tr | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 16.14 |
| Running on/with | Platform Versions |
|---|---|
| Cisco A99 Rsp Se | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 16.14 |
| Running on/with | Platform Versions |
|---|---|
| Cisco A99 Rsp Tr | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 17.34 |
| Running on/with | Platform Versions |
|---|---|
| Cisco A9k Rsp880 Lt Se | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 17.34 |
| Running on/with | Platform Versions |
|---|---|
| Cisco A9k Rsp880 Lt Tr | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 22.20 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Asr 9901 Rp | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 30.23 |
| Running on/with | Platform Versions |
|---|---|
| Cisco A99 Rp3 Se | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 30.23 |
| Running on/with | Platform Versions |
|---|---|
| Cisco A99 Rp3 Tr | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 31.20 |
| Running on/with | Platform Versions |
|---|---|
| Cisco A9k Rsp5 Se | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 31.20 |
| Running on/with | Platform Versions |
|---|---|
| Cisco A9k Rsp5 Tr | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.60 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs1001 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.60 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs1002 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.60 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs1004 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.15 |
| Running on/with | Platform Versions |
|---|---|
| Cisco N540 12z20g Sys A/d | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.15 |
| Running on/with | Platform Versions |
|---|---|
| Cisco N540 24z8q2c M | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.15 |
| Running on/with | Platform Versions |
|---|---|
| Cisco N540 28z4c Sys A/d | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.15 |
| Running on/with | Platform Versions |
|---|---|
| Cisco N540 Acc Sys | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.15 |
| Running on/with | Platform Versions |
|---|---|
| Cisco N540x 16z4g8q2c A/d | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.15 | |
| Before 6.5.2 |
| Running on/with | Platform Versions |
|---|---|
| Cisco N540x 12z16g Sys A/d | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Before 0.14 |
| Running on/with | Platform Versions |
|---|---|
| Cisco N560 4 Sys | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Before 0.14 |
| Running on/with | Platform Versions |
|---|---|
| Cisco N560 7 Sys | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.13 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs5001 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.13 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs5002 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.14 | |
| Before 7.2.1 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs5011 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 9.30 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nc55 Rp | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.21 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Nc55 Rp E | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.6.25 | |
| Before 1.21 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs 5501 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.21 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs 5501 Se | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.21 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs 5502 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.21 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs 5502 Se | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.12 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs 55a2 Mod S | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.12 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs 55a2 Mod Hd S | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.12 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs 55a2 Mod Hx S | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.6.25 | |
| Before 1.12 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs 55a2 Mod Se S | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.12 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs 55a2 Mod Se H S | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.12 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs 55a1 36h Se S | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.12 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs 55a1 36h S | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.12 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs 55a1 24h | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.12 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs55 A1 48q6h | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before 6.6.25 | |
| Before 6.6.25 |
| Running on/with | Platform Versions |
|---|---|
| Cisco Ncs 55a1 24q6h S | All versions |
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory