Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-3209 |
CWE-ID | CWE-347 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Cisco IOS XE Operating systems & Components / Operating system |
Vendor |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU68872
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3209
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker with physical access can install and boot a malicious software image or execute unsigned binaries on the target device.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco IOS XE: before Gibraltar 16.12.1s
External linksQ & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.