Auth bypass in Cisco Asr_9000v-v2
CVE-2023-20064
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This…
Vulnerability class: Broken Access Control
EPSS: 0.003 (17.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.6 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
Weakness classification (CWE)
References
- psirt@cisco.com (vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2023-20064?
- CVE-2023-20064 is a medium-severity vulnerability in Cisco Asr_9000v-v2, classified under Missing Authorization. CVSS score: 4.6/10. Published 2023-03-09.
- How severe is CVE-2023-20064?
- Medium severity. CVSS v3 base score is 4.6 out of 10.