Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability

Vulnerability

A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms running Cisco IOS XR Software. The vulnerability exists because internal commands issued when loading a software image during PXE network boot are not properly verified. Affected platforms include those running Cisco IOS XR 64-bit Software on applicable hardware models [1].

Exploitation

An attacker can exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one, or by impersonating the PXE boot server and sending a malicious PXE boot reply. The attacker must be able to reach the management interface during the PXE boot process. No authentication is required [1].

Impact

Successful exploitation allows the attacker to execute unsigned code on the affected device. This could lead to full compromise of the device at the firmware or operating system level [1].

Mitigation

Cisco has released free software updates to address this vulnerability. Both the Cisco IOS XR Software and the BIOS must be upgraded; the BIOS code is included in the IOS XR software but may require additional installation steps. Customers should consult the Cisco Security Advisory for fixed releases and installation instructions. No workarounds are available [1].