A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options. An attacker could exploit this vulnerability by modifying device boot options to execute attacker-provided code. A successful exploit may allow an attacker to bypass the Secure Boot process and execute malicious code on an affected device with root-level privileges.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco IOS XE Software 16.9.2 | affected |
|
Configuration 1 [-]
| AND |
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Cisco
Subscribe
|
Catalyst 3650-12x48uq
Subscribe
Catalyst 3650-12x48ur
Subscribe
Catalyst 3650-12x48uz
Subscribe
Catalyst 3650-24pd
Subscribe
Catalyst 3650-24pdm
Subscribe
Catalyst 3650-48fq
Subscribe
Catalyst 3650-48fqm
Subscribe
Catalyst 3650-8x24uq
Subscribe
Catalyst 3850-24xs
Subscribe
Catalyst 3850-48xs
Subscribe
Catalyst 3850-nm-2-40g
Subscribe
Catalyst 3850-nm-8-10g
Subscribe
Catalyst C9200-24p
Subscribe
Catalyst C9200-24t
Subscribe
Catalyst C9200-48p
Subscribe
Catalyst C9200-48t
Subscribe
Catalyst C9200l-24p-4g
Subscribe
Catalyst C9200l-24p-4x
Subscribe
Catalyst C9200l-24pxg-2y
Subscribe
Catalyst C9200l-24pxg-4x
Subscribe
Catalyst C9200l-24t-4g
Subscribe
Catalyst C9200l-24t-4x
Subscribe
Catalyst C9200l-48p-4g
Subscribe
Catalyst C9200l-48p-4x
Subscribe
Catalyst C9200l-48pxg-2y
Subscribe
Catalyst C9200l-48pxg-4x
Subscribe
Catalyst C9200l-48t-4g
Subscribe
Catalyst C9200l-48t-4x
Subscribe
Catalyst C9300-24p
Subscribe
Catalyst C9300-24s
Subscribe
Catalyst C9300-24t
Subscribe
Catalyst C9300-24u
Subscribe
Catalyst C9300-24ux
Subscribe
Catalyst C9300-48p
Subscribe
Catalyst C9300-48s
Subscribe
Catalyst C9300-48t
Subscribe
Catalyst C9300-48u
Subscribe
Catalyst C9300-48un
Subscribe
Catalyst C9300-48uxm
Subscribe
Catalyst C9300l-24p-4g
Subscribe
Catalyst C9300l-24p-4x
Subscribe
Catalyst C9300l-24t-4g
Subscribe
Catalyst C9300l-24t-4x
Subscribe
Catalyst C9300l-48p-4g
Subscribe
Catalyst C9300l-48p-4x
Subscribe
Catalyst C9300l-48t-4g
Subscribe
Catalyst C9300l-48t-4x
Subscribe
Catalyst C9500-12q
Subscribe
Catalyst C9500-16x
Subscribe
Catalyst C9500-24q
Subscribe
Catalyst C9500-24y4c
Subscribe
Catalyst C9500-32c
Subscribe
Catalyst C9500-32qc
Subscribe
Catalyst C9500-40x
Subscribe
Catalyst C9500-48y4c
Subscribe
Ios Xe
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2020-24478 | A vulnerability in the processing of boot options of specific Cisco IOS XE Software switches could allow an authenticated, local attacker with root shell access to the underlying operating system (OS) to conduct a command injection attack during device boot. This vulnerability is due to insufficient input validation checks while processing boot options. An attacker could exploit this vulnerability by modifying device boot options to execute attacker-provided code. A successful exploit may allow an attacker to bypass the Secure Boot process and execute malicious code on an affected device with root-level privileges. |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 15 Nov 2024 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: cisco
Published:
Updated: 2024-11-15T17:18:45.307Z
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3207
Vulnrichment
Updated: 2024-08-04T07:24:00.749Z
NVD
Status : Modified
Published: 2020-06-03T18:15:18.747
Modified: 2024-11-21T05:30:33.603
Link: CVE-2020-3207
Redhat
No data.
OpenCVE Enrichment
No data.