{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T00:43:37.873","vulnerabilities":[{"cve":{"id":"CVE-2023-20082","sourceIdentifier":"psirt@cisco.com","published":"2023-03-23T17:15:14.953","lastModified":"2024-11-21T07:40:30.893","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to errors that occur when retrieving the public release key that is used for image signature verification. An attacker could exploit this vulnerability by modifying specific variables in the Serial Peripheral Interface (SPI) flash memory of an affected device. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Note: In Cisco IOS XE Software releases 16.11.1 and later, the complexity of an attack using this vulnerability is high. However, an attacker with level-15 privileges could easily downgrade the Cisco IOS XE Software on a device to a release that would lower the attack complexity."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*","versionEndExcluding":"17.3.7","matchCriteriaId":"CC8A9AA8-8B32-4DC7-ABD9-BF2C5626BC20"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*","versionStartIncluding":"17.4","versionEndExcluding":"17.6.5","matchCriteriaId":"612EB810-AB85-49D4-BB5C-C03E2B1A0B43"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:17.7:*:*:*:*:*:*:*","matchCriteriaId":"9E0D8A08-6D86-44CE-8002-596EE74C4B26"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300:-:*:*:*:*:*:*:*","matchCriteriaId":"0972076B-5C87-44B3-90EC-4C200B89318A"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-24p-a:-:*:*:*:*:*:*:*","matchCriteriaId":"3765B3DB-8B1B-46EF-AF7D-ED1EB2079C3A"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-24p-e:-:*:*:*:*:*:*:*","matchCriteriaId":"74AED057-2458-4DE0-8D51-ABD766D07F68"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-24s-a:-:*:*:*:*:*:*:*","matchCriteriaId":"19538C03-5FB8-4401-8B21-489C629D7E7D"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-24s-e:-:*:*:*:*:*:*:*","matchCriteriaId":"B26D7061-F471-4DF0-A892-ED132958B84A"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-24t-a:-:*:*:*:*:*:*:*","matchCriteriaId":"033ED443-80E7-4012-9825-07AAC0D44B96"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-24t-e:-:*:*:*:*:*:*:*","matchCriteriaId":"AD3F3CC6-A349-47B1-B282-B6458683C191"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-24u-a:-:*:*:*:*:*:*:*","matchCriteriaId":"CB24EF21-1C10-48A7-BC68-FFC842A28D12"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-24u-e:-:*:*:*:*:*:*:*","matchCriteriaId":"ED0625A2-BF14-4552-83D8-AEE0A04EA023"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-24ux-a:-:*:*:*:*:*:*:*","matchCriteriaId":"CD0D6ED6-AE64-4E20-B9CD-3EAA22709CFF"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-24ux-e:-:*:*:*:*:*:*:*","matchCriteriaId":"21AFDC0D-7629-424E-827B-C8A8767324C3"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-48p-a:-:*:*:*:*:*:*:*","matchCriteriaId":"A263CFF2-A659-405B-90EA-51E49B25C6D3"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-48p-e:-:*:*:*:*:*:*:*","matchCriteriaId":"CEFBD449-217D-4569-99F7-D56B853A3E07"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-48s-a:-:*:*:*:*:*:*:*","matchCriteriaId":"7ED668FC-D1A5-4175-A234-23760BA6E788"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-48s-e:-:*:*:*:*:*:*:*","matchCriteriaId":"0D650C48-9241-42F7-87A9-20733329489A"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-48t-a:-:*:*:*:*:*:*:*","matchCriteriaId":"3ED16A65-9AFF-4825-95D1-162FBA0F566D"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-48t-e:-:*:*:*:*:*:*:*","matchCriteriaId":"82D345E7-8208-41AC-B11A-4425D29E98A1"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-48u-a:-:*:*:*:*:*:*:*","matchCriteriaId":"E386D461-F1C1-4970-B056-D6119E74D449"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-48u-e:-:*:*:*:*:*:*:*","matchCriteriaId":"99F3A466-F665-4132-ABC4-2DFC0A7E2B55"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-48un-a:-:*:*:*:*:*:*:*","matchCriteriaId":"B3395168-FF2E-4CB6-AABE-5E36DEB241CA"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-48un-e:-:*:*:*:*:*:*:*","matchCriteriaId":"5F525CBC-1CE6-4CAB-B1C1-DFA7EA462EF0"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-48uxm-a:-:*:*:*:*:*:*:*","matchCriteriaId":"226F985C-4669-4D0A-9DB4-CB1465B37B02"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300-48uxm-e:-:*:*:*:*:*:*:*","matchCriteriaId":"0B736A43-6F4E-40A9-84E4-D9E251489234"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l:-:*:*:*:*:*:*:*","matchCriteriaId":"B2FF888F-46F5-4A79-BB88-BB2EC2D27E24"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-24p-4g-a:-:*:*:*:*:*:*:*","matchCriteriaId":"26437DA7-2EFE-4CA2-8DB0-9FECBEFAE4EA"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-24p-4g-e:-:*:*:*:*:*:*:*","matchCriteriaId":"E99CA124-7D86-463B-A31E-A7836B7493E6"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-24p-4x-a:-:*:*:*:*:*:*:*","matchCriteriaId":"E014B028-8DD9-428C-B705-8F428F145932"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-24p-4x-e:-:*:*:*:*:*:*:*","matchCriteriaId":"A6C44229-A842-49B2-AD3E-79C83DB63EBE"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-24t-4g-a:-:*:*:*:*:*:*:*","matchCriteriaId":"5D56D21F-0F55-4AB1-AB9B-8EAE08F4BEDA"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-24t-4g-e:-:*:*:*:*:*:*:*","matchCriteriaId":"D3C0441D-A7AC-4B4E-970A-3A441C2F66B0"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-24t-4x-a:-:*:*:*:*:*:*:*","matchCriteriaId":"5306E847-C718-4C83-9C97-8AB498DC4A88"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-24t-4x-e:-:*:*:*:*:*:*:*","matchCriteriaId":"18287CEF-B574-4498-A256-567CA6E6CA7C"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-48p-4g-a:-:*:*:*:*:*:*:*","matchCriteriaId":"1E9AAA2C-495E-4FD1-9050-264FDC25254B"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-48p-4g-e:-:*:*:*:*:*:*:*","matchCriteriaId":"5713043E-2535-4540-B3EF-41FAC40BECE9"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-48p-4x-a:-:*:*:*:*:*:*:*","matchCriteriaId":"0C0C18E5-45B9-49D2-A4AB-DD8D5CB04C5C"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-48p-4x-e:-:*:*:*:*:*:*:*","matchCriteriaId":"67701D77-8B03-446A-AE22-4B8CCCD6F029"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-48t-4g-a:-:*:*:*:*:*:*:*","matchCriteriaId":"5B0BEAE3-2056-4B7B-8D7C-AEE3DC86CC2A"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-48t-4g-e:-:*:*:*:*:*:*:*","matchCriteriaId":"831A2390-7170-4FC0-A95E-3DAB1791017D"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-48t-4x-a:-:*:*:*:*:*:*:*","matchCriteriaId":"F788CBC4-782F-4A43-AC80-4AEF1C43A22D"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l-48t-4x-e:-:*:*:*:*:*:*:*","matchCriteriaId":"493989DC-8F1B-45C9-AD11-38B97B958C9C"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300l_stack:-:*:*:*:*:*:*:*","matchCriteriaId":"419ABFB5-2C27-4EBE-98EF-8A8B718CD1F9"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300lm:-:*:*:*:*:*:*:*","matchCriteriaId":"FA0DBB2E-DB15-47E1-B8F2-3AC0B1197C5F"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:catalyst_9300x:-:*:*:*:*:*:*:*","matchCriteriaId":"F168FB20-0C44-4A5B-910A-04B9517545C2"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9300-spi-ace-yejYgnNQ","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9300-spi-ace-yejYgnNQ","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}