How severe is CVE-2024-20265?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-20265?

This is classified as CWE-501, which is a common weakness in software security.

CVE-2024-20265

MEDIUM Year: 2024

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-501

View all →

Vulnerability Description

A vulnerability in the boot process of Cisco Access Point (AP) Software could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device. This vulnerability exists because unnecessary commands are available during boot time at the physical console. An attacker could exploit this vulnerability by interrupting the boot process and executing specific commands to bypass the Cisco Secure Boot validation checks and load an image that has been tampered with. This image would have been previously downloaded onto the targeted device. A successful exploit could allow the attacker to load the image once. The Cisco Secure Boot functionality is not permanently compromised.

CVE-2024-1725

MEDIUM

CVSS:6.5(Medium)

A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's v...

CWE-5012024

CVE-2019-0035

MEDIUM

CVSS:6.8(Medium)

When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the root password can be changed using "set system root-authentication plain-text-passw...

CWE-5012019

CVE-2020-15096

MEDIUM

CVSS:6.8(Medium)

In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated ...

CWE-5012020

CVE-2022-20826

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Softwa...

CWE-5012022

CVE-2025-1118

MEDIUM

CVSS:4.4(Medium)

A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract...

CWE-5012025

CVE-2023-28597

HIGH

CVSS:7.5(High)

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web por...

CWE-5012023

CVE-2024-20265

Vulnerability Description

Related Vulnerabilities

CVE-2024-1725

CVE-2019-0035

CVE-2020-15096

CVE-2022-20826

CVE-2025-1118

CVE-2023-28597