How severe is CVE-2024-20456?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2024-20456?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2024-20456 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system privileges on the affected device. This vulnerability is due to an error in the software build process. An attacker could exploit this vulnerability by manipulating the system’s configuration options to bypass some of the integrity checks that are performed during the booting process. A successful exploit could allow the attacker to control the boot configuration, which could enable them to bypass of the requirement to run Cisco signed images or alter the security properties of the running system.

Related Vulnerabilities

CVE-2018-1203

MEDIUM

CVSS:6.7(Medium)

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being r...

CWE-7322018

CVE-2018-12200

MEDIUM

CVSS:6.7(Medium)

Insufficient access control in Intel(R) Capability Licensing Service before version 1.50.638.1 may allow an unprivileged user to potentially escalate privileges via local access.

CWE-7322018

CVE-2018-6978

MEDIUM

CVSS:6.7(Medium)

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support ...

CWE-7322018

CVE-2019-11166

MEDIUM

CVSS:6.7(Medium)

Improper file permissions in the installer for Intel(R) Easy Streaming Wizard before version 2.1.0731 may allow an authenticated user to potentially enable escalation of privilege via local attack.

CWE-7322019

CVE-2019-18577

MEDIUM

CVSS:6.7(Medium)

Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain ro...

CWE-7322019

CVE-2020-7337

MEDIUM

CVSS:6.7(Medium)

Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through V...

CWE-7322020