Arbitrary Code Execution Vulnerability in Cisco IOS XR Software
CVE-2023-20135
5.7MEDIUM
Summary
A vulnerability in Cisco IOS XR Software affects the image verification process, opening the door for authenticated local attackers to exploit a race condition during ISO image installations. By manipulating an ISO image and initiating simultaneous install requests, attackers may execute arbitrary code on affected devices, potentially compromising their integrity and security.
Affected Version(s)
Cisco IOS XR Software 7.5.3
Cisco IOS XR Software 7.5.2
Cisco IOS XR Software 7.5.4
References
CVSS V3.1
Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved