Monday, May 12, 2025
HomeCiscoCisco IOS Verification Flaw Let Attackers Execute Arbitrary Code

Cisco IOS Verification Flaw Let Attackers Execute Arbitrary Code

Published on

SIEM as a Service

Follow Us on Google News

Cisco has been discovered with an arbitrary code execution flaw on their Cisco IOS XR Software image verification checks, which allows an authenticated, local attacker to execute arbitrary code on their underlying operating system.

Cisco Internetwork Operating System (IOS) is a network operating system that can be used in large-scale enterprise environments for high-performance and reliable routing. It is a privately owned Operating System that runs on the Cisco Systems routers and switches. 

CVE-2023-20135: Cisco IOS XR Image Verification Vulnerability

This is a Time-of-Check Time-of-use (TOCTOU) race condition due to the install query sent to the ISO image during an ISO install operation. A threat actor can exploit this by modifying an ISO image and carrying out the install requests in parallel, resulting in an arbitrary code execution if the exploitation succeeds.

- Advertisement - Google News

CISCO SYSTEMS GIVES the CVSS score for this vulnerability as 5.7 (Medium). Cisco has released a security advisory for addressing this vulnerability.

Document
Get a Demo

Start protecting your SaaS data in just a few minutes!

With DoControl, you can keep your SaaS applications and data safe and secure by creating workflows tailored to your needs. It’s an easy and efficient way to identify and manage risks. You can mitigate the risk and exposure of your organization’s SaaS applications in just a few simple steps.

Affected Products

As per the reports shared with Cyber Security News, the affected products are as mentioned below,

  • 8000 Series Routers
  • Network Convergence System (NCS) 540 Series Routers that are running the NCS540L images
  • Network Convergence System (NCS) 5700 Series Routers that are running the NCS5700 images (NCS-57B1-5DSE-SYS, NCS-57B1-6D24-SYS and NCS-57C1-48Q6-SYS)

However, Cisco has confirmed that this product does not affect IOS Software, IOS XE Software, and NX-OS Software.

Fixed in Release

Cisco IOS XR ReleaseFirst Fixed Release
Earlier than 7.5.2Not affected.
7.5.2 and laterMigrate to a fixed release.
7.6 and laterNot affected.
7.7 and later7.10.1

Users of these products are recommended to upgrade to the latest version to fix this vulnerability and prevent them from getting exploited.

Keep informed about the latest cybersecurity news by following us on Google NewsLinkedinTwitter, and Facebook.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Open Source Linux Firewall IPFire 2.29 – Core Update 194 Released: What’s New!

IPFire, the powerful open-source firewall, has unveiled its latest release, IPFire 2.29 – Core...

Threat Actors Leverage DDoS Attacks as Smokescreens for Data Theft

Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded...

20-Year-Old Proxy Botnet Network Dismantled After Exploiting 1,000 Unpatched Devices Each Week

A 20-year-old criminal proxy network has been disrupted through a joint operation involving Lumen’s...

“PupkinStealer” – .NET Malware Steals Browser Data and Exfiltrates via Telegram

A new information-stealing malware dubbed “PupkinStealer” has emerged as a significant threat to individuals...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Open Source Linux Firewall IPFire 2.29 – Core Update 194 Released: What’s New!

IPFire, the powerful open-source firewall, has unveiled its latest release, IPFire 2.29 – Core...

Threat Actors Leverage DDoS Attacks as Smokescreens for Data Theft

Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded...

20-Year-Old Proxy Botnet Network Dismantled After Exploiting 1,000 Unpatched Devices Each Week

A 20-year-old criminal proxy network has been disrupted through a joint operation involving Lumen’s...