Cisco iPXE Signature Bypass Vulnerability Allow Attackers To Boot Unverified Software
Cisco has identified a distinguished vulnerability in the iPXE boot characteristic of its IOS XR machine. This vulnerability stems from insufficient image verification all over the iPXE boot job, which could enable an authenticated, native attacker to set up an unverified machine image on affected devices.
An attacker could exploit this vulnerability by manipulating boot parameters, doubtlessly booting an unverified machine image on the machine.
Cisco has issued machine updates to take care of this safety flaw, but no workarounds are at the second accessible.
“This vulnerability is attributable to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification all over the iPXE boot job on an affected machine.”
“A a hit exploit could enable the attacker moreover an unverified machine image on the affected machine.” Cisco mentioned.
Affected Merchandise
The vulnerability impacts several Cisco merchandise working explicit versions of IOS XR Instrument, including:
- 8000 Sequence Routers
- ASR 9000 Sequence Aggregation Services and products Routers
- Network Convergence Intention (NCS) 540, 560, 1000, 4000, 5000, 5500, and 5700 Sequence Routers
For detailed info about susceptible machine releases, consult with the Fastened Instrument share of the advisory.
Cisco has confirmed that the following merchandise are no longer plagued by this vulnerability:
- IOS Instrument
- IOS XE Instrument
- NX-OS Instrument
Instrument Updates and Suggestions
Cisco advises potentialities to recurrently consult the Cisco Security Advisories page to settle their exposure and to salvage a entire upgrade resolution.
Forward of upgrading, construct clear that devices luxuriate in ample memory and that most fresh configurations shall be supported by the original free up. Possibilities with questions could per chance also fair mute contact the Cisco Technical Aid Heart (TAC) or their upkeep suppliers.
The table under outlines the first fastened releases for affected Cisco platforms:
| Cisco Platform | First Fastened Originate |
|---|---|
| 8000 Sequence Routers | 7.10.1 |
| ASR 9000 Sequence Lightspeed-based mostly | 24.1.1 |
| ASR 9901 | 24.3.1 |
| ASR 9903 | 24.3.1 |
| NCS 560 | 24.2.1 |
| NCS 1004 | 24.1.1 |
| NCS 5500 | 7.10.1 |
| NCS 5700 | 7.10.1 |
There don’t seem to be any fixes for ASR 9000 Sequence Tomahawk-based mostly line cards, NCS 1001, and NCS 4000.
No public bulletins or experiences of malicious exploitation of this vulnerability had been made. The Cisco Product Security Incident Response Team (PSIRT) continues to show screen the quandary.
The total advisory could per chance also additionally be accessed here for additional shrimp print. This advisory is share of the September 2023 free up of the Cisco IOS XR Instrument Security Advisory Bundled Publication.
Additionally Read:
Source credit : cybersecuritynews.com
