Lucene search

CiscoCISCO-SA-IOSXE-RSP3-RCE-JVHG8Z7C

HistorySep 24, 2020 - 4:00 p.m.

Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities

2020-09-2416:00:00

tools.cisco.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust.

These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c”]

This advisory is part of the September 24, 2020, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 25 Cisco Security Advisories that describe 34 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2020 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74268”].

Affected configurations

Vulners

Node

ciscorvs4000_softwareMatch3.16s

ciscorvs4000_softwareMatch3.17s

ciscorvs4000_softwareMatch16.2

ciscorvs4000_softwareMatch16.3

ciscorvs4000_softwareMatch16.4

ciscorvs4000_softwareMatch16.5

ciscorvs4000_softwareMatch3.18s

ciscorvs4000_softwareMatch3.18sp

ciscorvs4000_softwareMatch16.6

ciscorvs4000_softwareMatch16.7

ciscorvs4000_softwareMatch16.8

ciscorvs4000_softwareMatch16.9

ciscorvs4000_softwareMatch16.10

ciscorvs4000_softwareMatch16.11

ciscorvs4000_softwareMatch16.12

ciscorvs4000_softwareMatch17.1

ciscorvs4000_softwareMatchany

ciscorvs4000_softwareMatch3.16.0s

ciscorvs4000_softwareMatch3.16.1s

ciscorvs4000_softwareMatch3.16.0as

ciscorvs4000_softwareMatch3.16.1as

ciscorvs4000_softwareMatch3.16.2as

ciscorvs4000_softwareMatch3.16.0bs

ciscorvs4000_softwareMatch3.16.0cs

ciscorvs4000_softwareMatch3.16.3s

ciscorvs4000_softwareMatch3.16.2bs

ciscorvs4000_softwareMatch3.16.3as

ciscorvs4000_softwareMatch3.16.4s

ciscorvs4000_softwareMatch3.16.4as

ciscorvs4000_softwareMatch3.16.4bs

ciscorvs4000_softwareMatch3.16.4gs

ciscorvs4000_softwareMatch3.16.5s

ciscorvs4000_softwareMatch3.16.4cs

ciscorvs4000_softwareMatch3.16.4ds

ciscorvs4000_softwareMatch3.16.4es

ciscorvs4000_softwareMatch3.16.6s

ciscorvs4000_softwareMatch3.16.5as

ciscorvs4000_softwareMatch3.16.5bs

ciscorvs4000_softwareMatch3.16.7s

ciscorvs4000_softwareMatch3.16.6bs

ciscorvs4000_softwareMatch3.16.7as

ciscorvs4000_softwareMatch3.16.7bs

ciscorvs4000_softwareMatch3.16.8s

ciscorvs4000_softwareMatch3.16.9s

ciscorvs4000_softwareMatch3.16.10s

ciscorvs4000_softwareMatch3.17.0s

ciscorvs4000_softwareMatch3.17.1s

ciscorvs4000_softwareMatch3.17.2s

ciscorvs4000_softwareMatch3.17.1as

ciscorvs4000_softwareMatch3.17.3s

ciscorvs4000_softwareMatch3.17.4s

ciscorvs4000_softwareMatch16.2.1

ciscorvs4000_softwareMatch16.2.2

ciscorvs4000_softwareMatch16.3.1

ciscorvs4000_softwareMatch16.3.2

ciscorvs4000_softwareMatch16.3.3

ciscorvs4000_softwareMatch16.3.1a

ciscorvs4000_softwareMatch16.3.4

ciscorvs4000_softwareMatch16.3.5

ciscorvs4000_softwareMatch16.3.5b

ciscorvs4000_softwareMatch16.3.6

ciscorvs4000_softwareMatch16.3.7

ciscorvs4000_softwareMatch16.3.8

ciscorvs4000_softwareMatch16.3.9

ciscorvs4000_softwareMatch16.3.10

ciscorvs4000_softwareMatch16.4.2

ciscorvs4000_softwareMatch16.4.3

ciscorvs4000_softwareMatch16.5.1

ciscorvs4000_softwareMatch16.5.1a

ciscorvs4000_softwareMatch16.5.1b

ciscorvs4000_softwareMatch16.5.2

ciscorvs4000_softwareMatch16.5.3

ciscorvs4000_softwareMatch3.18.0s

ciscorvs4000_softwareMatch3.18.1s

ciscorvs4000_softwareMatch3.18.2s

ciscorvs4000_softwareMatch3.18.3s

ciscorvs4000_softwareMatch3.18.4s

ciscorvs4000_softwareMatch3.18.0sp

ciscorvs4000_softwareMatch3.18.1sp

ciscorvs4000_softwareMatch3.18.1gsp

ciscorvs4000_softwareMatch3.18.1bsp

ciscorvs4000_softwareMatch3.18.2sp

ciscorvs4000_softwareMatch3.18.1hsp

ciscorvs4000_softwareMatch3.18.1isp

ciscorvs4000_softwareMatch3.18.3sp

ciscorvs4000_softwareMatch3.18.4sp

ciscorvs4000_softwareMatch3.18.5sp

ciscorvs4000_softwareMatch3.18.6sp

ciscorvs4000_softwareMatch3.18.7sp

ciscorvs4000_softwareMatch3.18.8asp

ciscorvs4000_softwareMatch16.6.1

ciscorvs4000_softwareMatch16.6.2

ciscorvs4000_softwareMatch16.6.3

ciscorvs4000_softwareMatch16.6.4

ciscorvs4000_softwareMatch16.6.5

ciscorvs4000_softwareMatch16.6.5a

ciscorvs4000_softwareMatch16.6.6

ciscorvs4000_softwareMatch16.6.7

ciscorvs4000_softwareMatch16.6.8

ciscorvs4000_softwareMatch16.7.1

ciscorvs4000_softwareMatch16.7.2

ciscorvs4000_softwareMatch16.7.3

ciscorvs4000_softwareMatch16.8.1

ciscorvs4000_softwareMatch16.8.1b

ciscorvs4000_softwareMatch16.8.1c

ciscorvs4000_softwareMatch16.9.1

ciscorvs4000_softwareMatch16.9.2

ciscorvs4000_softwareMatch16.9.1a

ciscorvs4000_softwareMatch16.9.1b

ciscorvs4000_softwareMatch16.9.3

ciscorvs4000_softwareMatch16.9.3h

ciscorvs4000_softwareMatch16.9.4

ciscorvs4000_softwareMatch16.9.5

ciscorvs4000_softwareMatch16.9.5f

ciscorvs4000_softwareMatch16.10.1

ciscorvs4000_softwareMatch16.11.1

ciscorvs4000_softwareMatch16.11.1a

ciscorvs4000_softwareMatch16.11.2

ciscorvs4000_softwareMatch16.12.1

ciscorvs4000_softwareMatch16.12.2

ciscorvs4000_softwareMatch16.12.2a

ciscorvs4000_softwareMatch16.12.3

ciscorvs4000_softwareMatch16.12.3s

ciscorvs4000_softwareMatch17.1.1

ciscorvs4000_softwareMatch17.1.1a

ciscorvs4000_softwareMatchany

CPENameOperatorVersion
cisco ios xe softwareeq3.16S
cisco ios xe softwareeq3.17S
cisco ios xe softwareeq16.2
cisco ios xe softwareeq16.3
cisco ios xe softwareeq16.4
cisco ios xe softwareeq16.5
cisco ios xe softwareeq3.18S
cisco ios xe softwareeq3.18SP
cisco ios xe softwareeq16.6
cisco ios xe softwareeq16.7

Name	Operator	Version
cisco ios xe software	eq	3.16S
cisco ios xe software	eq	3.17S
cisco ios xe software	eq	16.2
cisco ios xe software	eq	16.3
cisco ios xe software	eq	16.4
cisco ios xe software	eq	16.5
cisco ios xe software	eq	3.18S
cisco ios xe software	eq	3.18SP
cisco ios xe software	eq	16.6
cisco ios xe software	eq	16.7