Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU73202
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20064
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to the inclusion of unnecessary commands within the GRand Unified Bootloader (GRUB). An attacker with physical access can gain unauthorized access to sensitive information on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Cisco ASR 9000 Series Aggregation Services Routers: All versions
IOS XR White box: All versions
Cisco IOS XRv 9000 Router: All versions
Cisco Network Convergence System 540 Series Routers: All versions
NCS560: All versions
NCS 1001 Series Routers: All versions
NCS 1002 Series Routers: All versions
NCS5000: All versions
NCS 5000 Series Routers: All versions
NCS5500: All versions
NCS 5700 Series Routers: All versions
NCS 6000 Series Routers: All versions
Cisco IOS XR: before 7.9.1
External links
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.