Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3284

A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a software image are not properly verified. An attacker could exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one. Alternatively, the attacker could impersonate the PXE boot server and send a PXE boot reply with a malicious file. A successful exploit could allow the attacker to execute unsigned code on the affected device. Note: To fix this vulnerability, both the Cisco IOS XR Software and the BIOS must be upgraded. The BIOS code is included in Cisco IOS XR Software but might require additional installation steps. For further information, see the Fixed Software section of this advisory.

Security Impact Summary

This vulnerability carries a CRITICAL severity rating with a CVSS v3.1 score of 9.8, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 87 products from cisco, from cisco, from cisco and 84 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2020, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2020-11-06T19:15:14.267

Last Modified

2024-11-21T05:30:43.397

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	a9k-rsp880-se_firmware	< 10.65	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	a9k-rsp880-se	-	No
Operating System	cisco	a9k-rsp880-tr_firmware	< 10.65	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	a9k-rsp880-tr	-	No
Operating System	cisco	a99-rp2-se_firmware	< 14.35	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	a99-rp2-se	-	No
Operating System	cisco	a99-rp2-tr_firmware	< 14.35	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	a99-rp2-tr	-	No
Operating System	cisco	a99-rsp-se_firmware	< 16.14	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	a99-rsp-se	-	No
Operating System	cisco	a99-rsp-tr_firmware	< 16.14	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	a99-rsp-tr	-	No
Operating System	cisco	a9k-rsp880-lt-se_firmware	< 17.34	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	a9k-rsp880-lt-se	-	No
Operating System	cisco	a9k-rsp880-lt-tr_firmware	< 17.34	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	a9k-rsp880-lt-tr	-	No
Operating System	cisco	asr-9901-rp_firmware	< 22.20	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	asr-9901-rp	-	No
Operating System	cisco	a99-rp3-se_firmware	< 30.23	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	a99-rp3-se	-	No
Operating System	cisco	a99-rp3-tr_firmware	< 30.23	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	a99-rp3-tr	-	No
Operating System	cisco	a9k-rsp5-se_firmware	< 31.20	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	a9k-rsp5-se	-	No
Operating System	cisco	a9k-rsp5-tr_firmware	< 31.20	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	a9k-rsp5-tr	-	No
Operating System	cisco	ncs1001_firmware	< 14.60	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	ncs1001	-	No
Operating System	cisco	ncs1002_firmware	< 14.60	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	ncs1002	-	No
Operating System	cisco	ncs1004_firmware	< 14.60	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	ncs1004	-	No
Operating System	cisco	n540-12z20g-sys-a\/d_firmware	< 1.15	Yes
Operating System	cisco	ios_xr	< 7.2.1	Yes
Hardware	cisco	n540-12z20g-sys-a\/d	-	No
Operating System	cisco	n540-24z8q2c-m_firmware	< 1.15	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	n540-24z8q2c-m	-	No
Operating System	cisco	n540-28z4c-sys-a\/d_firmware	< 1.15	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	n540-28z4c-sys-a\/d	-	No
Operating System	cisco	n540-acc-sys_firmware	< 1.15	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	n540-acc-sys	-	No
Operating System	cisco	n540x-16z4g8q2c-a\/d_firmware	< 1.15	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	n540x-16z4g8q2c-a\/d	-	No
Operating System	cisco	n540x-12z16g-sys-a\/d_firmware	< 1.15	Yes
Operating System	cisco	ios_xr	< 6.5.2	Yes
Hardware	cisco	n540x-12z16g-sys-a\/d	-	No
Operating System	cisco	n560-4-sys_firmware	< 0.14	Yes
Operating System	cisco	ios_xr	< 7.0.2	Yes
Hardware	cisco	n560-4-sys	-	No
Operating System	cisco	n560-7-sys_firmware	< 0.14	Yes
Operating System	cisco	ios_xr	< 7.0.2	Yes
Hardware	cisco	n560-7-sys	-	No
Operating System	cisco	n560-4-sys_firmware	< 0.14	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	n560-4-sys	-	No
Operating System	cisco	n560-7-sys_firmware	< 0.14	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	n560-7-sys	-	No
Operating System	cisco	ncs5001_firmware	< 1.13	Yes
Operating System	cisco	ios_xr	< 7.2.1	Yes
Hardware	cisco	ncs5001	-	No
Operating System	cisco	ncs5002_firmware	< 1.13	Yes
Operating System	cisco	ios_xr	< 7.2.1	Yes
Hardware	cisco	ncs5002	-	No
Operating System	cisco	ncs5011_firmware	< 1.14	Yes
Operating System	cisco	ios_xr	< 7.2.1	Yes
Hardware	cisco	ncs5011	-	No
Operating System	cisco	nc55-rp_firmware	< 9.30	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	nc55-rp	-	No
Operating System	cisco	nc55-rp-e_firmware	< 1.21	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	nc55-rp-e	-	No
Operating System	cisco	ncs-5501_firmware	< 6.6.25	Yes
Operating System	cisco	ios_xr	< 1.21	Yes
Hardware	cisco	ncs-5501	-	No
Operating System	cisco	ncs-5501-se_firmware	< 1.21	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	ncs-5501-se	-	No
Operating System	cisco	ncs-5502_firmware	< 1.21	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	ncs-5502	-	No
Operating System	cisco	ncs-5502-se_firmware	< 1.21	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	ncs-5502-se	-	No
Operating System	cisco	ncs-55a2-mod-s_firmware	< 1.12	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	ncs-55a2-mod-s	-	No
Operating System	cisco	ncs-55a2-mod-hd-s_firmware	< 1.12	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	ncs-55a2-mod-hd-s	-	No
Operating System	cisco	ncs-55a2-mod-hx-s_firmware	< 1.12	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	ncs-55a2-mod-hx-s	-	No
Operating System	cisco	ncs-55a2-mod-se-s_firmware	< 6.6.25	Yes
Operating System	cisco	ios_xr	< 1.12	Yes
Hardware	cisco	ncs-55a2-mod-se-s	-	No
Operating System	cisco	ncs-55a2-mod-se-h-s_firmware	< 1.12	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	ncs-55a2-mod-se-h-s	-	No
Operating System	cisco	ncs-55a1-36h-se-s_firmware	< 1.12	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	ncs-55a1-36h-se-s	-	No
Operating System	cisco	ncs-55a1-36h-s_firmware	< 1.12	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	ncs-55a1-36h-s	-	No
Operating System	cisco	ncs-55a1-24h_firmware	< 1.12	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	ncs-55a1-24h	-	No
Operating System	cisco	ncs55-a1-48q6h_firmware	< 1.12	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	ncs55-a1-48q6h	-	No
Operating System	cisco	ncs-55a1-24q6h-s_firmware	< 6.6.25	Yes
Operating System	cisco	ios_xr	< 6.6.25	Yes
Hardware	cisco	ncs-55a1-24q6h-s	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2 Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pxe-unsign-code-exec-qAa78fD2 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For cisco's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.