Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2024-02878

Опубликовано: 27 мар. 2024
Источник: fstec
CVSS3: 5.9
CVSS2: 6.2
EPSS Низкий

Описание

Уязвимость микропрограммного обеспечения точек доступа Cisco Aironet Access Points (AP) серий 1540, 1560, 1800, 2800, 3800, 4800, Catalyst 9105AX, Catalyst 9115, Catalyst 9120AX, Catalyst 9124AX, Catalyst 9130AX и Catalyst 9136 связана с нарушением доверительных границ. Эксплуатация уязвимости может позволить нарушителю обойти ограничения безопасности, обойти ограничения безопасности, выполнить произвольные команды и загрузить измененный образ программного обеспечения

Вендор

Cisco Systems Inc.

Наименование ПО

Cisco Embedded Services 6300 Series APs
Catalyst IW6300 Heavy Duty Series APs
Aironet 1540 Series APs
Aironet 1560 Series APs
Aironet 1800 Series APs
Aironet 2800 Series APs
Aironet 3800 Series APs
Aironet 4800 APs
Cisco Business 150 AP
Cisco Business 151 Mesh Extender
Cisco Business 100 Series Access Points
Cisco Business 200 Series Access Points
Catalyst 9105AX Series
Catalyst 9115 Series
Catalyst 9120AX Series
Catalyst 9124AX Series
Catalyst 9130AX Series
Catalyst 9136
Catalyst Cellular Gateways
Cisco Wide Pluggable Form Factor Wi-Fi 6 AP Module for Industrial Routers

Версия ПО

до 17.3.8 (Cisco Embedded Services 6300 Series APs)
от 17.4 до 17.6.6 (Cisco Embedded Services 6300 Series APs)
до 17.3.8 (Catalyst IW6300 Heavy Duty Series APs)
от 17.4 до 17.6.6 (Catalyst IW6300 Heavy Duty Series APs)
до 8.10.190.0 (Aironet 1540 Series APs)
до 8.10.190.0 (Aironet 1560 Series APs)
до 8.10.190.0 (Aironet 1800 Series APs)
до 8.10.190.0 (Aironet 2800 Series APs)
до 8.10.190.0 (Aironet 3800 Series APs)
до 8.10.190.0 (Aironet 4800 APs)
до 10.6.2.0 (Cisco Business 150 AP)
до 10.6.2.0 (Cisco Business 151 Mesh Extender)
до 10.9.1.0 (Cisco Business 100 Series Access Points)
до 10.9.1.0 (Cisco Business 200 Series Access Points)
от 17.7 до 17.9.4 (Cisco Embedded Services 6300 Series APs)
от 17.10 до 17.11 включительно (Cisco Embedded Services 6300 Series APs)
до 17.3.8 (Catalyst 9105AX Series)
от 17.4 до 17.6.6 (Catalyst 9105AX Series)
от 17.7 до 17.9.4 (Catalyst 9105AX Series)
от 17.10 до 17.11 включительно (Catalyst 9105AX Series)
от 17.10 до 17.11 включительно (Catalyst 9115 Series)
от 17.7 до 17.9.4 (Catalyst 9115 Series)
от 17.4 до 17.6.6 (Catalyst 9115 Series)
до 17.3.8 (Catalyst 9115 Series)
от 17.10 до 17.11 включительно (Catalyst 9120AX Series)
от 17.7 до 17.9.4 (Catalyst 9120AX Series)
от 17.4 до 17.6.6 (Catalyst 9120AX Series)
до 17.3.8 (Catalyst 9120AX Series)
от 17.10 до 17.11 включительно (Catalyst 9124AX Series)
от 17.7 до 17.9.4 (Catalyst 9124AX Series)
от 17.4 до 17.6.6 (Catalyst 9124AX Series)
до 17.3.8 (Catalyst 9124AX Series)
от 17.10 до 17.11 включительно (Catalyst 9130AX Series)
от 17.7 до 17.9.4 (Catalyst 9130AX Series)
от 17.4 до 17.6.6 (Catalyst 9130AX Series)
до 17.3.8 (Catalyst 9130AX Series)
от 17.10 до 17.11 включительно (Catalyst 9136)
от 17.7 до 17.9.4 (Catalyst 9136)
от 17.4 до 17.6.6 (Catalyst 9136)
до 17.3.8 (Catalyst 9136)
от 17.10 до 17.11 включительно (Catalyst Cellular Gateways)
от 17.7 до 17.9.4 (Catalyst Cellular Gateways)
от 17.4 до 17.6.6 (Catalyst Cellular Gateways)
до 17.3.8 (Catalyst Cellular Gateways)
от 17.7 до 17.9.4 (Catalyst IW6300 Heavy Duty Series APs)
от 17.10 до 17.11 включительно (Catalyst IW6300 Heavy Duty Series APs)
от 17.10 до 17.11 включительно (Cisco Wide Pluggable Form Factor Wi-Fi 6 AP Module for Industrial Routers)
от 17.7 до 17.9.4 (Cisco Wide Pluggable Form Factor Wi-Fi 6 AP Module for Industrial Routers)
от 17.4 до 17.6.6 (Cisco Wide Pluggable Form Factor Wi-Fi 6 AP Module for Industrial Routers)
до 17.3.8 (Cisco Wide Pluggable Form Factor Wi-Fi 6 AP Module for Industrial Routers)

Тип ПО

Сетевое программное средство
Прикладное ПО информационных систем
Микропрограммный код
Сетевое средство

Операционные системы и аппаратные платформы

-

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,2)
Средний уровень опасности (базовая оценка CVSS 3.0 составляет 5,9)

Возможные меры по устранению уязвимости

Использование рекомендаций:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 3%
0.00016
Низкий

5.9 Medium

CVSS3

6.2 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2024-20265

CVSS3: 5.9
nvd
почти 2 года назад

A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.

github логотип

GHSA-gqw2-gvrw-vqqg

CVSS3: 5.9
github
почти 2 года назад

A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.

EPSS

Процентиль: 3%
0.00016
Низкий

5.9 Medium

CVSS3

6.2 Medium

CVSS2