Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-20064

A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.

Published

2023-03-09T22:15:52.277

Last Modified

2024-11-21T07:40:28.087

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.6 (MEDIUM)

Weaknesses

Type: Secondary
CWE-862
Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xr	< 7.9.1	Yes
Hardware	cisco	asr_9000v-v2	-	No
Hardware	cisco	asr_9001	-	No
Hardware	cisco	asr_9006	-	No
Hardware	cisco	asr_9010	-	No
Hardware	cisco	asr_9901	-	No
Hardware	cisco	asr_9902	-	No
Hardware	cisco	asr_9903	-	No
Hardware	cisco	asr_9904	-	No
Hardware	cisco	asr_9906	-	No
Hardware	cisco	asr_9910	-	No
Hardware	cisco	asr_9912	-	No
Hardware	cisco	asr_9922	-	No
Hardware	cisco	ios_xrv_9000	-	No
Hardware	cisco	ncs_1001	-	No
Hardware	cisco	ncs_1002	-	No
Hardware	cisco	ncs_1004	-	No
Operating System	cisco	ios_xr	< 7.6.1	Yes
Hardware	cisco	nc57-18dd-se	-	No
Hardware	cisco	nc57-24dd	-	No
Hardware	cisco	nc57-36h-se	-	No
Hardware	cisco	nc57-36h6d-s	-	No
Hardware	cisco	ncs_540	-	No
Hardware	cisco	ncs_540_fronthaul	-	No
Hardware	cisco	ncs_5501	-	No
Hardware	cisco	ncs_5501-se	-	No
Hardware	cisco	ncs_5502	-	No
Hardware	cisco	ncs_5502-se	-	No
Hardware	cisco	ncs_5508	-	No
Hardware	cisco	ncs_5516	-	No
Hardware	cisco	ncs_560-4	-	No
Hardware	cisco	ncs_560-7	-	No
Hardware	cisco	ncs_57b1-5dse-sys	-	No
Hardware	cisco	ncs_57b1-6d24-sys	-	No
Hardware	cisco	ncs_57c1-48q6-sys	-	No
Hardware	cisco	ncs_57c3-mod-sys	-	No
Hardware	cisco	ncs_57c3-mods-sys	-	No
Operating System	cisco	ios_xr	< 7.7.1	Yes
Hardware	cisco	ncs_5001	-	No
Hardware	cisco	ncs_5002	-	No
Hardware	cisco	ncs_5011	-	No
Operating System	cisco	ios_xr	*	Yes
Hardware	cisco	ncs_6000	-	No

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq Vendor Advisory ([email protected])
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)