Main Vulnerability Database SB2020060370

SB2020060370 - Improper Verification of Cryptographic Signature in Cisco IOS XE

Published: June 3, 2020 Updated: November 1, 2022

Security Bulletin ID SB2020060370

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2020-3209)

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker with physical access can install and boot a malicious software image or execute unsigned binaries on the target device.

Remediation

Install update from vendor's website.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-digsig-bypass-FYQ3bmVq

Vulnerable Software

Cisco IOS XE: before 15.2(04)E10, 16.3(8.50), 16.3.9, 16.3.10, 16.3.11, 16.6(6.21), 16.6.7, 16.6.7a, 16.6.8, 16.6.9, 16.6.10, 16.9(3.54), 16.9.3a, 16.9.4, 16.9.5, 16.9.6, 16.9.7, 16.9.8, 16.9.8a, 16.10(1.191), 16.10.1g, 16.10.3, 16.11(0.143), 16.11(1.34), 16.11.1, 16.11.1a, 16.11.1b, 16.11.1c, 16.11.1s, 16.11.2, 16.12(0.25), 16.12(0.134), 16.12.1, 16.12.1b, 16.12.1c, 16.12.1d, 16.12.1e, 16.12.1s, 16.12.1t, 16.12.1w, 16.12.1x, 16.12.1y, 16.12.1z, 16.12.1z1, 16.12.1z2, 16.12.1a, 16.12.2, 16.12.2t, 16.12.2a, 16.12.2s, 16.12.3, 16.12.3a, 16.12.3s, 16.12.4, 16.12.4a, 16.12.5, 16.12.5 b, 16.12.5a, 16.12.6, 16.12.6a, 16.12.7, 16.12.8, 17.1(0.27), 17.1.1, 17.1.1a, 17.1.1t, 17.1.1s, 17.1.2, 17.1.3, 17.2.1, 17.2.1a, 17.2.1r, 17.2.1v, 17.2.2, 17.2.3, 17.3.1, 17.3.1x, 17.3.1z, 17.3.1w, 17.3.1a, 17.3.2, 17.3.2a, 17.3.3, 17.3.4, 17.3.4c, 17.3.4a, 17.3.4 b, 17.3.5, 17.3.5a, 17.3.5b, 17.3.6, 17.4.1, 17.4.1a, 17.4.1b, 17.4.2, 17.5.1, 17.5.1a, 17.6.1, 17.6.1a, 17.6.1w, 17.6.1x, 17.6.1y, 17.6.1z, 17.6.2, 17.6.3, 17.6.3a, 17.6.4, 17.7.1, 17.7.1a, 17.7.2, 17.8.1, Gibraltar 16.11.1s, Gibraltar 16.11.1c, Gibraltar 16.11.1b, Gibraltar 16.12.1e, Gibraltar 16.12.1d, Gibraltar 16.12.1c, Gibraltar 16.12.1b, 17.8.1a, 17.9.1, Everest-16.6.7, Fuji-16.9.4, Gibraltar 16.11.1a, Gibraltar 16.11.1, Amsterdam 17.1.1, 17.9.1a, Gibraltar 16.12.1s

SB2020060370 - Improper Verification of Cryptographic Signature in Cisco IOS XE

Breakdown by Severity

Description

Remediation

References

Please verify you're human