{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-20265","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2023-11-08T15:08:07.624Z","datePublished":"2024-03-27T17:03:54.505Z","dateUpdated":"2024-08-01T21:52:31.616Z"},"containers":{"cna":{"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-03-27T17:03:54.505Z"},"descriptions":[{"lang":"en","value":"A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device.\r\n\r This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised."}],"affected":[{"vendor":"Cisco","product":"Cisco IOS XE Software","versions":[{"version":"N/A","status":"affected"}]},{"vendor":"Cisco","product":"Cisco Aironet Access Point Software","versions":[{"version":"8.2.100.0","status":"affected"},{"version":"8.2.130.0","status":"affected"},{"version":"8.2.111.0","status":"affected"},{"version":"8.2.110.0","status":"affected"},{"version":"8.2.121.0","status":"affected"},{"version":"8.2.141.0","status":"affected"},{"version":"8.2.151.0","status":"affected"},{"version":"8.2.160.0","status":"affected"},{"version":"8.2.161.0","status":"affected"},{"version":"8.2.164.0","status":"affected"},{"version":"8.2.166.0","status":"affected"},{"version":"8.2.170.0","status":"affected"},{"version":"8.2.163.0","status":"affected"},{"version":"8.3.102.0","status":"affected"},{"version":"8.3.111.0","status":"affected"},{"version":"8.3.112.0","status":"affected"},{"version":"8.3.121.0","status":"affected"},{"version":"8.3.122.0","status":"affected"},{"version":"8.3.130.0","status":"affected"},{"version":"8.3.131.0","status":"affected"},{"version":"8.3.132.0","status":"affected"},{"version":"8.3.133.0","status":"affected"},{"version":"8.3.140.0","status":"affected"},{"version":"8.3.141.0","status":"affected"},{"version":"8.3.143.0","status":"affected"},{"version":"8.3.150.0","status":"affected"},{"version":"8.3.108.0","status":"affected"},{"version":"8.3.90.53","status":"affected"},{"version":"8.3.104.46","status":"affected"},{"version":"8.3.200.200","status":"affected"},{"version":"8.3.104.64","status":"affected"},{"version":"8.3.15.165","status":"affected"},{"version":"8.3.90.11","status":"affected"},{"version":"8.3.135.0","status":"affected"},{"version":"8.3.104.14","status":"affected"},{"version":"8.3.90.36","status":"affected"},{"version":"8.3.15.142","status":"affected"},{"version":"8.3.104.37","status":"affected"},{"version":"8.3.15.117","status":"affected"},{"version":"8.3.15.120","status":"affected"},{"version":"8.3.15.25","status":"affected"},{"version":"8.3.15.158","status":"affected"},{"version":"8.3.15.118","status":"affected"},{"version":"8.3.90.25","status":"affected"},{"version":"8.3.15.169","status":"affected"},{"version":"8.3.90.58","status":"affected"},{"version":"8.4.100.0","status":"affected"},{"version":"8.4.1.199","status":"affected"},{"version":"8.4.1.91","status":"affected"},{"version":"8.4.1.142","status":"affected"},{"version":"8.4.1.175","status":"affected"},{"version":"8.4.1.218","status":"affected"},{"version":"8.4.1.92","status":"affected"},{"version":"8.5.103.0","status":"affected"},{"version":"8.5.105.0","status":"affected"},{"version":"8.5.110.0","status":"affected"},{"version":"8.5.120.0","status":"affected"},{"version":"8.5.131.0","status":"affected"},{"version":"8.5.140.0","status":"affected"},{"version":"8.5.135.0","status":"affected"},{"version":"8.5.151.0","status":"affected"},{"version":"8.5.101.0","status":"affected"},{"version":"8.5.102.0","status":"affected"},{"version":"8.5.161.0","status":"affected"},{"version":"8.5.160.0","status":"affected"},{"version":"8.5.100.0","status":"affected"},{"version":"8.5.171.0","status":"affected"},{"version":"8.5.164.0","status":"affected"},{"version":"8.5.182.0","status":"affected"},{"version":"8.5.182.11 ME","status":"affected"},{"version":"8.7.102.0","status":"affected"},{"version":"8.7.106.0","status":"affected"},{"version":"8.7.1.16","status":"affected"},{"version":"8.8.100.0","status":"affected"},{"version":"8.8.111.0","status":"affected"},{"version":"8.8.120.0","status":"affected"},{"version":"8.8.125.0","status":"affected"},{"version":"8.8.130.0","status":"affected"},{"version":"8.6.101.0","status":"affected"},{"version":"8.6.1.84","status":"affected"},{"version":"8.6.1.70","status":"affected"},{"version":"8.6.1.71","status":"affected"},{"version":"8.9.100.0","status":"affected"},{"version":"8.9.111.0","status":"affected"},{"version":"8.10.105.0","status":"affected"},{"version":"8.10.111.0","status":"affected"},{"version":"8.10.130.0","status":"affected"},{"version":"8.10.112.0","status":"affected"},{"version":"8.10.122.0","status":"affected"},{"version":"8.10.113.0","status":"affected"},{"version":"8.10.121.0","status":"affected"},{"version":"8.10.141.0","status":"affected"},{"version":"8.10.142.0","status":"affected"},{"version":"8.10.151.0","status":"affected"},{"version":"8.10.150.0","status":"affected"},{"version":"8.10.171.0","status":"affected"},{"version":"8.10.181.0","status":"affected"},{"version":"8.10.182.0","status":"affected"},{"version":"8.10.161.0","status":"affected"},{"version":"8.10.170.0","status":"affected"},{"version":"8.10.183.0","status":"affected"},{"version":"8.10.162.0","status":"affected"},{"version":"8.10.185.0","status":"affected"}]},{"vendor":"Cisco","product":"Cisco Business Wireless Access Point Software","versions":[{"version":"10.0.1.0","status":"affected"},{"version":"10.0.2.0","status":"affected"},{"version":"10.1.1.0","status":"affected"},{"version":"10.1.2.0","status":"affected"},{"version":"10.2.1.0","status":"affected"},{"version":"10.2.2.0","status":"affected"},{"version":"10.3.1.0","status":"affected"},{"version":"10.3.1.1","status":"affected"},{"version":"10.3.2.0","status":"affected"},{"version":"10.4.1.0","status":"affected"},{"version":"10.4.2.0","status":"affected"},{"version":"10.6.1.0","status":"affected"},{"version":"10.6.2.0","status":"affected"},{"version":"10.7.1.0","status":"affected"},{"version":"10.8.1.0","status":"affected"},{"version":"10.5.2.0","status":"affected"}]},{"vendor":"Cisco","product":"Cisco Aironet Access Point Software (IOS XE Controller)","versions":[{"version":"16.10.1e","status":"affected"},{"version":"16.10.1","status":"affected"},{"version":"17.1.1t","status":"affected"},{"version":"17.1.1s","status":"affected"},{"version":"17.1.1","status":"affected"},{"version":"16.11.1a","status":"affected"},{"version":"16.11.1","status":"affected"},{"version":"16.11.1c","status":"affected"},{"version":"16.11.1b","status":"affected"},{"version":"16.12.1s","status":"affected"},{"version":"16.12.4","status":"affected"},{"version":"16.12.1","status":"affected"},{"version":"16.12.2s","status":"affected"},{"version":"16.12.1t","status":"affected"},{"version":"16.12.4a","status":"affected"},{"version":"16.12.5","status":"affected"},{"version":"16.12.3","status":"affected"},{"version":"16.12.6","status":"affected"},{"version":"16.12.8","status":"affected"},{"version":"16.12.7","status":"affected"},{"version":"16.12.6a","status":"affected"},{"version":"17.3.1","status":"affected"},{"version":"17.3.2a","status":"affected"},{"version":"17.3.3","status":"affected"},{"version":"17.3.4","status":"affected"},{"version":"17.3.5","status":"affected"},{"version":"17.3.2","status":"affected"},{"version":"17.3.4c","status":"affected"},{"version":"17.3.5a","status":"affected"},{"version":"17.3.5b","status":"affected"},{"version":"17.3.6","status":"affected"},{"version":"17.2.1","status":"affected"},{"version":"17.2.1a","status":"affected"},{"version":"17.2.3","status":"affected"},{"version":"17.2.2","status":"affected"},{"version":"17.5.1","status":"affected"},{"version":"17.4.1","status":"affected"},{"version":"17.4.2","status":"affected"},{"version":"17.6.1","status":"affected"},{"version":"17.6.2","status":"affected"},{"version":"17.6.3","status":"affected"},{"version":"17.6.4","status":"affected"},{"version":"17.6.5","status":"affected"},{"version":"17.6.6a","status":"affected"},{"version":"17.6.5a","status":"affected"},{"version":"17.10.1","status":"affected"},{"version":"17.9.1","status":"affected"},{"version":"17.9.2","status":"affected"},{"version":"17.9.3","status":"affected"},{"version":"17.7.1","status":"affected"},{"version":"17.8.1","status":"affected"},{"version":"17.11.1","status":"affected"}]}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Trust Boundary Violation","type":"cwe","cweId":"CWE-501"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD","name":"cisco-sa-ap-secureboot-bypass-zT5vJkSD"}],"metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-ap-secureboot-bypass-zT5vJkSD","discovery":"INTERNAL","defects":["CSCwf62026"]}},"adp":[{"affected":[{"vendor":"cisco","product":"aironet_access_point_software","cpes":["cpe:2.3:a:cisco:aironet_access_point_software:8.2.100.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"8.2.100.0","status":"affected","lessThanOrEqual":"8.10.185.0","versionType":"custom"}]},{"vendor":"cisco","product":"business_wireless_access_point_software","cpes":["cpe:2.3:a:cisco:business_wireless_access_point_software:10.0.1.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"10.0.1.0","status":"affected","lessThanOrEqual":"10.8.1.0","versionType":"custom"}]},{"vendor":"cisco","product":"aironet_access_point_software","cpes":["cpe:2.3:a:cisco:aironet_access_point_software:16.10.1:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"16.10.1","status":"affected","lessThanOrEqual":"17.11.1","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-03-27T19:46:28.390425Z","id":"CVE-2024-20265","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-01T15:33:37.498Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:52:31.616Z"},"title":"CVE Program Container","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD","name":"cisco-sa-ap-secureboot-bypass-zT5vJkSD","tags":["x_transferred"]}]}]}}