CVE-2023-20236 MEDIUM

Vendor: Cisco
Product: Cisco IOS XR Software
Weakness: CWE-347
Published: September 13, 2023
Last update: December 16, 2025

CVSS base score

6.7/10
Attack vector: Local
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.

Key dates

02 Disclosure timeline

September 13, 2023: CVE published
December 16, 2025: Record updated

Related vulnerabilities

04 Related CVE