Main Vulnerability Database Vulnerabilities #VU68872

#VU68872 Improper Verification of Cryptographic Signature in Cisco IOS XE - CVE-2020-3209

Published: November 1, 2022

Vulnerability identifier: #VU68872

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-3209

CWE-ID: CWE-347

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS XE

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker with physical access can install and boot a malicious software image or execute unsigned binaries on the target device.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-digsig-bypass-FYQ3bmVq

#VU68872 Improper Verification of Cryptographic Signature in Cisco IOS XE - CVE-2020-3209

Description

Remediation

External links

Please verify you're human