CVE-2024-20456

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Jul 10, 2024
Updated: Jul 11, 2024
CWE ID 732

Summary

CVE-2024-20456 is a vulnerability affecting the boot process of Cisco IOS XR Software. An authenticated, local attacker with high privileges can exploit this issue to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. This requires the attacker to have root-system privileges on the device. The vulnerability stems from an error in the software build process, enabling attackers to manipulate configuration options and bypass some integrity checks during the boot process. Successful exploitation allows the attacker to control the boot configuration, potentially bypassing the requirement to run Cisco signed images or altering the security properties of the running system.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Cisco IOS

Affected Vendors

  • Cisco Systems Inc

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-20456 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions