Cisco IOS XE
cpe:2.3:a:cisco:ios_xe:*:*:*:*:*:*:*
- >= 17.8.1
- >= 17.7.1
- >= 17.3.1
- >= 17.15.1
- >= 17.12.1
- >= 17.15.3
- >= 17.13.1
- >= 17.4.1
- >= 17.17.1
A vulnerability exists in Cisco IOS XE Software that could enable an authenticated, local attacker with level-15 privileges, or an unauthenticated attacker with physical access to the device, to execute persistent code at boot time, thereby disrupting the chain of trust. This issue arises from improper validation of software packages, allowing an attacker to place a crafted file in a specific location on the device. Exploitation of this vulnerability could lead to the execution of persistent code on the underlying operating system.
Exploitation of this vulnerability allows for persistent code execution at boot time, bypassing a critical security feature and breaking the device's chain of trust.
Cisco has released software updates to address this vulnerability. Instructions for upgrading can be found on the Cisco Support and Downloads page. Customers without a Cisco service contract should contact the Cisco Technical Assistance Center (TAC) for assistance.