CVE-2023-20064
Summary
| CVE | CVE-2023-20064 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-03-09 22:15:00 UTC |
| Updated | 2023-11-07 04:05:00 UTC |
| Description | A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device. |
Risk And Classification
Problem Types: CWE-862
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | ASR 9000v-V2 | - | All | All | All |
| Hardware | Cisco | ASR 9001 | - | All | All | All |
| Hardware | Cisco | ASR 9006 | - | All | All | All |
| Hardware | Cisco | ASR 9010 | - | All | All | All |
| Hardware | Cisco | ASR 9901 | - | All | All | All |
| Hardware | Cisco | ASR 9902 | - | All | All | All |
| Hardware | Cisco | ASR 9903 | - | All | All | All |
| Hardware | Cisco | ASR 9904 | - | All | All | All |
| Hardware | Cisco | ASR 9906 | - | All | All | All |
| Hardware | Cisco | ASR 9910 | - | All | All | All |
| Hardware | Cisco | ASR 9912 | - | All | All | All |
| Hardware | Cisco | ASR 9922 | - | All | All | All |
| Operating System | Cisco | IOS XR | All | All | All | All |
| Hardware | Cisco | IOS XRv 9000 | - | All | All | All |
| Hardware | Cisco | NC57-18DD-SE | - | All | All | All |
| Hardware | Cisco | NC57-24DD | - | All | All | All |
| Hardware | Cisco | NC57-36H-SE | - | All | All | All |
| Hardware | Cisco | NC57-36H6D-S | - | All | All | All |
| Hardware | Cisco | NCS 1001 | - | All | All | All |
| Hardware | Cisco | NCS 1002 | - | All | All | All |
| Hardware | Cisco | NCS 1004 | - | All | All | All |
| Hardware | Cisco | NCS 5001 | - | All | All | All |
| Hardware | Cisco | NCS 5002 | - | All | All | All |
| Hardware | Cisco | NCS 5011 | - | All | All | All |
| Hardware | Cisco | NCS 540 | - | All | All | All |
| Hardware | Cisco | NCS 540 Fronthaul | - | All | All | All |
| Hardware | Cisco | NCS 5501 | - | All | All | All |
| Hardware | Cisco | NCS 5501-SE | - | All | All | All |
| Hardware | Cisco | NCS 5502 | - | All | All | All |
| Hardware | Cisco | NCS 5502-SE | - | All | All | All |
| Hardware | Cisco | NCS 5508 | - | All | All | All |
| Hardware | Cisco | NCS 5516 | - | All | All | All |
| Hardware | Cisco | NCS 560-4 | - | All | All | All |
| Hardware | Cisco | NCS 560-7 | - | All | All | All |
| Hardware | Cisco | NCS 57B1-5DSE-SYS | - | All | All | All |
| Hardware | Cisco | NCS 57B1-6D24-SYS | - | All | All | All |
| Hardware | Cisco | NCS 57C1-48Q6-SYS | - | All | All | All |
| Hardware | Cisco | NCS 57C3-MOD-SYS | - | All | All | All |
| Hardware | Cisco | NCS 57C3-MODS-SYS | - | All | All | All |
| Hardware | Cisco | NCS 6000 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability | CISCO | sec.cloudapps.cisco.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 317303 Cisco Internetwork Operating System (IOS) XR Software Bootloader Unauthenticated Information Disclosure Vulnerability (cisco-sa-iosxr-load-infodisc-9rdOr5Fq)