Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-20456

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device. This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.

Published

2024-07-10T16:15:03.703

Last Modified

2025-08-04T17:44:16.417

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xr	24.2.1	Yes
Hardware	cisco	8011-4g24y4h-i	-	No
Hardware	cisco	8101-32fh	-	No
Hardware	cisco	8101-32fh-o	-	No
Hardware	cisco	8101-32h-o	-	No
Hardware	cisco	8102-28fh-dpu-o	-	No
Hardware	cisco	8102-64h	-	No
Hardware	cisco	8102-64h-o	-	No
Hardware	cisco	8111-32eh-o	-	No
Hardware	cisco	8122-64eh-o	-	No
Hardware	cisco	8122-64ehf-o	-	No
Hardware	cisco	8201	-	No
Hardware	cisco	8201-24h8fh	-	No
Hardware	cisco	8201-32fh	-	No
Hardware	cisco	8201-32fh-o	-	No
Hardware	cisco	8202	-	No
Hardware	cisco	8202-32fh-m	-	No
Hardware	cisco	8212-48fh-m	-	No
Hardware	cisco	8404	-	No
Hardware	cisco	8501-sys-mt	-	No
Hardware	cisco	8608	-	No
Hardware	cisco	8700	-	No
Hardware	cisco	8711-32fh-m	-	No
Hardware	cisco	8712-mod-m	-	No
Hardware	cisco	8804	-	No
Hardware	cisco	8808	-	No
Hardware	cisco	8812	-	No
Hardware	cisco	8818	-	No
Hardware	cisco	ncs_1010	-	No
Hardware	cisco	ncs_1014	-	No
Hardware	cisco	ncs_540-12z20g-sys-a	-	No
Hardware	cisco	ncs_540-12z20g-sys-d	-	No
Hardware	cisco	ncs_540-24q2c2dd-sys	-	No
Hardware	cisco	ncs_540-24q8l2dd-sys	-	No
Hardware	cisco	ncs_540-24z8q2c-sys	-	No
Hardware	cisco	ncs_540-28z4c-sys-a	-	No
Hardware	cisco	ncs_540-28z4c-sys-d	-	No
Hardware	cisco	ncs_540-6z14s-sys-d	-	No
Hardware	cisco	ncs_540-6z18g-sys-a	-	No
Hardware	cisco	ncs_540-6z18g-sys-d	-	No
Hardware	cisco	ncs_540-acc-sys	-	No
Hardware	cisco	ncs_540-fh-agg	-	No
Hardware	cisco	ncs_540-fh-csr-sys	-	No
Hardware	cisco	ncs_540x-12z16g-sys-a	-	No
Hardware	cisco	ncs_540x-12z16g-sys-d	-	No
Hardware	cisco	ncs_540x-16z4g8q2c-a	-	No
Hardware	cisco	ncs_540x-16z4g8q2c-d	-	No
Hardware	cisco	ncs_540x-16z8q2c-d	-	No
Hardware	cisco	ncs_540x-4z14g2q-a	-	No
Hardware	cisco	ncs_540x-4z14g2q-d	-	No
Hardware	cisco	ncs_540x-6z18g-sys-a	-	No
Hardware	cisco	ncs_540x-6z18g-sys-d	-	No
Hardware	cisco	ncs_540x-8z16g-sys-a	-	No
Hardware	cisco	ncs_540x-8z16g-sys-d	-	No
Hardware	cisco	ncs_540x-acc-sys	-	No
Hardware	cisco	ncs_57b1-5dse-sys	-	No
Hardware	cisco	ncs_57b1-6d24-sys	-	No
Hardware	cisco	ncs_57c1-48q6-sys	-	No
Hardware	cisco	ncs_57d2-18dd-sys	-	No

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap Vendor Advisory ([email protected])
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-secure-boot-quD5g8Ap Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)