CVE-2020-3455

CVE Database · CVE-2020-3455

CVE-2020-3455

· HIGHModified

CVSS v3.1

7.8

EPSS

0.34%

Published

Oct 21, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by injecting code into a specific file that is then referenced during the device boot process. A successful exploit could allow the attacker to break the chain of trust and inject code into the boot process of the device which would be executed at each boot and maintain persistence across reboots.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-693

Affected Products (19)

cisco · firepower_extensible_operating_system (up to 2.4.1.268)vulnerable

cisco · firepower_extensible_operating_system (up to 2.6.1.214)vulnerable

cisco · firepower_extensible_operating_system (up to 2.7.1.131)vulnerable

cisco · firepower_4110

cisco · firepower_4112

cisco · firepower_4115

cisco · firepower_4120

cisco · firepower_4125

cisco · firepower_4140

cisco · firepower_4145

cisco · firepower_4150

· firepower_9300_sm-24

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbp-XTuPkYTn

PatchVendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbp-XTuPkYTn

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs