Cisco IOS XR Software information disclosure | CVE-2023-20064
NAME
__________
Cisco IOS XR Software information disclosure
Platforms Affected:
Cisco ASR 9000 Series Aggregation Services Routers
Cisco IOS XRv 9000 Router
Cisco Network Convergence System (NCS) 540 Series Routers
Cisco Network Convergence System (NCS) 560 Series Routers
Cisco Network Convergence System (NCS) 5000 Series Routers
Cisco Network Convergence System (NCS) 5500 Series Routers
Cisco Network Convergence System (NCS) 6000 Series Routers
Cisco IOS XR White box
Cisco NCS 1001 Series Routers
Cisco NCS 1002 Series Routers
Cisco NCS 1004 Series Routers
Cisco NCS 5700 Series Routers
Risk Level:
4.6
Exploitability:
Unproven
Consequences:
Obtain Information
DESCRIPTION
__________
Cisco IOS XR Software could allow a physical attacker to obtain sensitive information, caused by the inclusion of unnecessary commands within the GRUB environment. By sending a specially crafted request using the GRUB bootloader command line, an attacker could exploit this vulnerability to view sensitive files on the console, and use this information to launch further attacks against the affected system.
CVSS 3.0 Information
__________
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Access Vector:
Physical
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon using the button below
To keep up to date follow us on the below channels.
