Cisco IOS XE Software Secure Boot Bypass Vulnerabilities

🚨 SEVERITY: MEDIUM — CVSS 6.7 Security Advisory

TL;DR 📌

Multiple vulnerabilities in Cisco IOS XE Software could allow an authenticated local attacker or an unauthenticated attacker with physical access to execute persistent code at boot time, compromising device security. Cisco has released fixed software, and no workarounds are available.

What happened 🕵️‍♂️

Cisco has identified multiple vulnerabilities in its IOS XE Software that could allow an attacker to bypass secure boot mechanisms. These vulnerabilities stem from improper validation of software packages, enabling an attacker to place a crafted file on an affected device. This could lead to the execution of persistent code on the operating system, effectively breaking the chain of trust.

Affected products 🖥️

The following Cisco products are affected if they are running vulnerable releases of Cisco IOS XE Software:

  • 1000 Series Integrated Services Routers (First Affected Release: 17.8.1)
  • 1100 Terminal Services Gateways (17.7.1)
  • 4000 Series Integrated Services Routers (17.3.1)
  • 8100 Series Secure Routers (17.15.1)
  • 8400 Series Secure Routers (17.12.1)
  • ASR 1000 Series Aggregation Services Routers (17.7.1)
  • C8375-E-G2 Platforms (17.15.3)
  • Catalyst IE3300 Rugged Series Routers (17.12.1)
  • Catalyst IR1100 Rugged Series Routers (17.13.1)
  • Catalyst IR8100 Heavy Duty Series Routers (17.4.1)
  • Catalyst IR8300 Rugged Series Routers (17.7.1)
  • Catalyst 8200 Series Edge Platforms (17.8.1)
  • Catalyst 8300 Series Edge Platforms (17.8.1)
  • Catalyst 8500L Edge Platforms (17.8.1)
  • Catalyst 9200 Series Switches (17.8.1)
  • Embedded Services 3300 Series (17.12.1)
  • VG410 Analog Voice Gateways (17.17.1)

Fixed software 🔧

Upgrade to the first fixed release in your train (or later):

Release / Product First Fixed Release Notes
1.0 Initial public release.
Cisco IOS and IOS XE Software N/A

Workarounds 🧯

There are no workarounds available for these vulnerabilities.

Risk in context 🎯

The highest CVSS score for these vulnerabilities is 6.7, which is classified as Medium severity. The risk is primarily associated with local access or physical access to the device, making it less likely to be exploited remotely. However, the potential for persistent code execution poses a significant security risk.

Fast facts ⚡

  • Vulnerabilities allow bypassing secure boot mechanisms.
  • Exploitation requires either local authenticated access or physical access.
  • No workarounds are available; immediate software updates are necessary.

For leadership 🧭

The vulnerabilities in Cisco IOS XE Software present a Medium risk, with a CVSS score of 6.7. Exploitation requires either authenticated local access or physical access to the device, which limits exposure but does not eliminate risk. Immediate remediation is necessary, with a recommendation to patch within 7 days. The operational impact involves a brief maintenance window, with no expected configuration drift.

Now: Review affected devices and plan for immediate software updates.
Next: Implement the fixed software as soon as possible.
Later: Monitor for any further advisories or updates from Cisco regarding these vulnerabilities.