Cisco IOS XR Software information disclosure | CVE-2023-20064

NAME
__________
Cisco IOS XR Software information disclosure

Platforms Affected:
Cisco ASR 9000 Series Aggregation Services Routers
Cisco IOS XRv 9000 Router
Cisco Network Convergence System (NCS) 540 Series Routers
Cisco Network Convergence System (NCS) 560 Series Routers
Cisco Network Convergence System (NCS) 5000 Series Routers
Cisco Network Convergence System (NCS) 5500 Series Routers
Cisco Network Convergence System (NCS) 6000 Series Routers
Cisco IOS XR White box
Cisco NCS 1001 Series Routers
Cisco NCS 1002 Series Routers
Cisco NCS 1004 Series Routers
Cisco NCS 5700 Series Routers

Risk Level:
4.6

Exploitability:
Unproven

Consequences:
Obtain Information

DESCRIPTION
__________

Cisco IOS XR Software could allow a physical attacker to obtain sensitive information, caused by the inclusion of unnecessary commands within the GRUB environment. By sending a specially crafted request using the GRUB bootloader command line, an attacker could exploit this vulnerability to view sensitive files on the console, and use this information to launch further attacks against the affected system.

CVSS 3.0 Information
__________

Privileges Required:
None

User Interaction:
None

Scope:
Unchanged

Access Vector:
Physical


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

Digital Patreon Wordmark FieryCoralv2

To keep up to date follow us on the below channels.

join
Click Above for Telegram
discord
Click Above for Discord
reddit
Click Above for Reddit
hd linkedin
Click Above For LinkedIn