Arbitrary Code Execution Vulnerability in Cisco IOS XR Software
CVE-2023-20135

5.7MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco iOS Xr Software
Vendor: CVE Published:; 13 September 2023

Badges

👾 Exploit Exists📰 News Worthy

Summary

A vulnerability in Cisco IOS XR Software affects the image verification process, opening the door for authenticated local attackers to exploit a race condition during ISO image installations. By manipulating an ISO image and initiating simultaneous install requests, attackers may execute arbitrary code on affected devices, potentially compromising their integrity and security.

Affected Version(s)

Cisco IOS XR Software 7.5.3

Cisco IOS XR Software 7.5.2

Cisco IOS XR Software 7.5.4

News Articles

GBHackers News

CVE-2023-20135

Cisco IOS Verification Flaw Let Attackers Execute Arbitrary Code

Cisco has been discovered with an arbitrary code execution flaw on their Cisco IOS XR Software image verification checks, which allows an authenticated, local attacker to execute arbitrary code on their underlying operating system.

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Oct 23, 2024
📰
First article discovered by GBHackers News
Sep 2, 2024
Vulnerability published
Sep 13, 2023
Vulnerability Reserved
Oct 27, 2022

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

Cisco IOS Verification Flaw Let Attackers Execute Arbitrary Code

References

CVSS V3.1

Timeline