#VU80775 Time-of-check Time-of-use (TOCTOU) Race Condition in Cisco Systems, Inc products - CVE-2023-20135
Published: September 14, 2023
Vulnerability identifier: #VU80775
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-20135
CWE-ID: CWE-367
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XR
Cisco 8000 Series Routers
Cisco Network Convergence System 540 Series Routers
Network Convergence System 5700 Series
Cisco IOS XR
Cisco 8000 Series Routers
Cisco Network Convergence System 540 Series Routers
Network Convergence System 5700 Series
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local user to execute arbitrary code on the system.
The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. A local administrator can execute arbitrary code on target system.
Remediation
Install updates from vendor's website.