#VU124563 Buffer underflow in Cisco IOS XE - CVE-2026-20104

Published: March 25, 2026


Vulnerability identifier: #VU124563
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-20104
CWE-ID: CWE-124
Exploitation vector: Local access (physical access to the device; CVSS AV:P)
Exploit availability: No public exploit available
Vulnerable software: Cisco IOS XE
Software vendor: Cisco Systems, Inc.

Description

The vulnerability allows an attacker with physical access to the device to execute arbitrary code at boot time and break the chain of trust.

The vulnerability exists due to insufficient validation of software at boot time: the bootloader does not adequately validate the binaries it loads before manipulating them (CWE-124, buffer underwrite). An attacker with physical access can modify the binaries stored on the device so that the bootloader's integrity checks are bypassed during boot and unsigned code is executed, breaking the chain of trust.

Successful exploitation allows execution of arbitrary code that bypasses the requirement to run only Cisco-signed images.
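The weakness class behind this advisory is a buffer underwrite (CWE-124) in code that places a loaded binary in memory from attacker-controlled header fields. The C program below is an added illustration written for this page; it is not Cisco's bootloader code and does not reproduce the actual CVE-2026-20104 flaw. It models a hypothetical loader: device RAM is a flat array, the loader's 4-byte next-stage entry field sits just below the staging area, and the payload is placed so that it ends at the top of that area. With the header's `load_len` unchecked, a tampered image of 160 bytes is written starting 32 bytes below the staging area and overwrites the entry field; the hardened variant rejects the same image. All names and constants (`stage_payload_vuln`, `stage_payload_safe`, the RAM map, `IMG_MAGIC`, `LEGIT_ENTRY`, `ATTACKER_ENTRY`) are constructed for the example.

```c
/*
 * CWE-124 (buffer underwrite) in a boot-time image loader, illustrated on a
 * HYPOTHETICAL bootloader. Added example, not Cisco IOS XE code, and not a
 * reproduction of CVE-2026-20104. Device RAM is simulated as a flat array so
 * the out-of-bounds write can be observed safely.
 *
 * Simulated RAM map (constructed for the example):
 *   [0,   64)  loader state; the 4-byte next-stage entry field is at offset 48
 *   [64, 192)  staging area; the payload is placed so that it ends at 192
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RAM_SIZE       256
#define STATE_SIZE     64
#define JUMP_OFF       48
#define STAGE_BASE     STATE_SIZE
#define STAGE_SIZE     128
#define STAGE_TOP      (STAGE_BASE + STAGE_SIZE)
#define IMG_MAGIC      0x42544C44u   /* "BTLD", constructed */
#define LEGIT_ENTRY    0x00800000u   /* entry the loader sets up, constructed */
#define ATTACKER_ENTRY 0x00C0FFEEu   /* value the tampered image plants, constructed */

/* Header as stored in flash. On a physically modified device every field is
 * attacker-controlled, so nothing here may be trusted before validation. */
struct img_hdr {
    uint32_t magic;
    uint32_t load_len;   /* bytes to place so the payload ends at STAGE_TOP */
};

struct image {
    struct img_hdr hdr;
    const uint8_t *payload;
    size_t payload_len;  /* bytes actually present after the header */
};

static uint32_t rd32(const uint8_t *p, size_t off) { uint32_t v; memcpy(&v, p + off, 4); return v; }
static void     wr32(uint8_t *p, size_t off, uint32_t v) { memcpy(p + off, &v, 4); }

void loader_init(uint8_t *ram) {
    memset(ram, 0, RAM_SIZE);
    wr32(ram, JUMP_OFF, LEGIT_ENTRY);
}

/* VULNERABLE: trusts hdr.load_len when deriving the destination. When
 * load_len > STAGE_SIZE the destination index is below STAGE_BASE and the copy
 * lands in loader state (buffer underwrite). Returns the destination offset
 * or a negative code. */
int stage_payload_vuln(uint8_t *ram, const struct image *img) {
    if (img->hdr.magic != IMG_MAGIC) return -1;
    size_t n = img->hdr.load_len;
    if (n > img->payload_len) n = img->payload_len;        /* bounds the SOURCE only */
    long dst = (long)STAGE_TOP - (long)img->hdr.load_len;  /* missing: dst >= STAGE_BASE */
    /* Simulation guard so the write stays inside the emulated RAM array; a
     * real loader would dereference the raw pointer unconditionally. */
    if (dst < 0 || (size_t)dst + n > RAM_SIZE) return -2;
    memcpy(ram + dst, img->payload, n);
    return (int)dst;
}

/* HARDENED: every header field is checked against fixed limits and against
 * what is actually present in flash before any address is derived from it. */
int stage_payload_safe(uint8_t *ram, const struct image *img) {
    if (img->hdr.magic != IMG_MAGIC) return -1;
    if (img->hdr.load_len > STAGE_SIZE) return -3;        /* the check the vulnerable path lacks */
    if (img->hdr.load_len != img->payload_len) return -4; /* header must match flash contents */
    size_t dst = STAGE_TOP - img->hdr.load_len;           /* now provably >= STAGE_BASE */
    memcpy(ram + dst, img->payload, img->payload_len);
    return (int)dst;
}

typedef int (*loader_fn)(uint8_t *, const struct image *);

/* Constructed tampered image: 160-byte payload with load_len = 160, so the
 * vulnerable destination is 192 - 160 = 32 and payload byte 16 maps onto
 * ram[48], the entry field. Returns the entry field after loading; the loader
 * return code is stored through rc when rc is non-NULL. */
uint32_t entry_after_tampered(loader_fn loader, int *rc) {
    uint8_t ram[RAM_SIZE], payload[160];
    memset(payload, 0x90, sizeof payload);
    wr32(payload, JUMP_OFF - (STAGE_TOP - sizeof payload), ATTACKER_ENTRY);
    struct image img = { { IMG_MAGIC, (uint32_t)sizeof payload }, payload, sizeof payload };
    loader_init(ram);
    int r = loader(ram, &img);
    if (rc) *rc = r;
    return rd32(ram, JUMP_OFF);
}

int rc_after_tampered(loader_fn loader) { int rc; entry_after_tampered(loader, &rc); return rc; }

/* Constructed well-formed 100-byte image; both loaders place it at offset 92. */
int stage_benign(loader_fn loader) {
    uint8_t ram[RAM_SIZE], payload[100];
    memset(payload, 0xA5, sizeof payload);
    struct image img = { { IMG_MAGIC, (uint32_t)sizeof payload }, payload, sizeof payload };
    loader_init(ram);
    return loader(ram, &img);
}

int main(void) {
    int rc;
    uint32_t e = entry_after_tampered(stage_payload_vuln, &rc);
    printf("vulnerable loader: rc=%d entry=0x%08x%s\n", rc, e, e == ATTACKER_ENTRY ? "  <- entry overwritten" : "");
    e = entry_after_tampered(stage_payload_safe, &rc);
    printf("hardened loader:   rc=%d entry=0x%08x\n", rc, e);
    printf("benign image via hardened loader placed at offset %d\n", stage_benign(stage_payload_safe));
    return 0;
}
```

The point to take from the hardened path is ordering: the length is compared against the fixed size of the staging area and against the bytes actually present before it is used in any address arithmetic. In the vulnerable path the only bound applied is on the source length, which keeps the copy from over-reading flash but does nothing about where the destination ends up, and a signed subtraction with an oversized field silently yields an address below the buffer.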


Remediation

Install the security update from the vendor's website. Because exploitation requires physical access to the device, physical security controls over deployed hardware limit exposure until the update is applied.

External links