CVE-2020-3455
Summary
| CVE | CVE-2020-3455 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-21 19:15:00 UTC |
| Updated | 2020-10-28 20:52:00 UTC |
| Description | A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by injecting code into a specific file that is then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device which would be executed at each boot and maintain persistence across reboots. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Firepower 4110 | - | All | All | All |
| Hardware | Cisco | Firepower 4110 | - | All | All | All |
| Hardware | Cisco | Firepower 4112 | - | All | All | All |
| Hardware | Cisco | Firepower 4112 | - | All | All | All |
| Hardware | Cisco | Firepower 4115 | - | All | All | All |
| Hardware | Cisco | Firepower 4115 | - | All | All | All |
| Hardware | Cisco | Firepower 4120 | - | All | All | All |
| Hardware | Cisco | Firepower 4120 | - | All | All | All |
| Hardware | Cisco | Firepower 4125 | - | All | All | All |
| Hardware | Cisco | Firepower 4125 | - | All | All | All |
| Hardware | Cisco | Firepower 4140 | - | All | All | All |
| Hardware | Cisco | Firepower 4140 | - | All | All | All |
| Hardware | Cisco | Firepower 4145 | - | All | All | All |
| Hardware | Cisco | Firepower 4145 | - | All | All | All |
| Hardware | Cisco | Firepower 4150 | - | All | All | All |
| Hardware | Cisco | Firepower 4150 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-24 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-24 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-36 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-36 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-40 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-40 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-44 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-44 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-44 X 3 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-44 X 3 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-48 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-48 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-56 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-56 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-56 X 3 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Sm-56 X 3 | - | All | All | All |
| Operating System | Cisco | Firepower Extensible Operating System | All | All | All | All |
| Operating System | Cisco | Firepower Extensible Operating System | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability | CISCO | tools.cisco.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.