CVE-2023-20082

Published: Mar 23, 2023Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to errors that occur when retrieving the public release key that is used for image signature verification. An attacker could exploit this vulnerability by modifying specific variables in the Serial Peripheral Interface (SPI) flash memory of an affected device. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Note: In Cisco IOS XE Software releases 16.11.1 and later, the complexity of an attack using this vulnerability is high. However, an attacker with level-15 privileges could easily downgrade the Cisco IOS XE Software on a device to a release that would lower the attack complexity.

Affected (3)

Products: Cisco: Ios Xe

Cisco

1 product

Ios Xe

Configuration A

3 vulnerable · 43 platform

Vulnerable Software	Affected Versions
Cisco Ios Xe	Before 17.3.7
Cisco Ios Xe	From 17.4 to 17.6.5
Cisco Ios Xe	Version 17.7

Running on/with	Platform Versions
Cisco Catalyst 9300	All versions
Cisco Catalyst 9300 24p A	All versions
Cisco Catalyst 9300 24p E	All versions
Cisco Catalyst 9300 24s A	All versions
Cisco Catalyst 9300 24s E	All versions
Cisco Catalyst 9300 24t A	All versions
Cisco Catalyst 9300 24t E	All versions
Cisco Catalyst 9300 24u A	All versions
Cisco Catalyst 9300 24u E	All versions
Cisco Catalyst 9300 24ux A	All versions
Cisco Catalyst 9300 24ux E	All versions
Cisco Catalyst 9300 48p A	All versions
Cisco Catalyst 9300 48p E	All versions
Cisco Catalyst 9300 48s A	All versions
Cisco Catalyst 9300 48s E	All versions
Cisco Catalyst 9300 48t A	All versions
Cisco Catalyst 9300 48t E	All versions
Cisco Catalyst 9300 48u A	All versions
Cisco Catalyst 9300 48u E	All versions
Cisco Catalyst 9300 48un A	All versions
Cisco Catalyst 9300 48un E	All versions
Cisco Catalyst 9300 48uxm A	All versions
Cisco Catalyst 9300 48uxm E	All versions
Cisco Catalyst 9300l	All versions
Cisco Catalyst 9300l 24p 4g A	All versions
Cisco Catalyst 9300l 24p 4g E	All versions
Cisco Catalyst 9300l 24p 4x A	All versions
Cisco Catalyst 9300l 24p 4x E	All versions
Cisco Catalyst 9300l 24t 4g A	All versions
Cisco Catalyst 9300l 24t 4g E	All versions
Cisco Catalyst 9300l 24t 4x A	All versions
Cisco Catalyst 9300l 24t 4x E	All versions
Cisco Catalyst 9300l 48p 4g A	All versions
Cisco Catalyst 9300l 48p 4g E	All versions
Cisco Catalyst 9300l 48p 4x A	All versions
Cisco Catalyst 9300l 48p 4x E	All versions
Cisco Catalyst 9300l 48t 4g A	All versions
Cisco Catalyst 9300l 48t 4g E	All versions
Cisco Catalyst 9300l 48t 4x A	All versions
Cisco Catalyst 9300l 48t 4x E	All versions
Cisco Catalyst 9300l Stack	All versions
Cisco Catalyst 9300lm	All versions
Cisco Catalyst 9300x	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9300-spi-ace-yejYgnNQ

Source: psirt@cisco.com

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9300-spi-ace-yejYgnNQ

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.