Lucene search

[email protected]CVE-2020-3524

HistorySep 24, 2020 - 6:15 p.m.

CVE-2020-3524

2020-09-2418:15:21

CWE-284

CWE-862

[email protected]

web.nvd.nist.gov

cisco

ios xe

rom monitor

rommon

software

vulnerability

cisco routers

nvd

cve-2020-3524

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected software. An attacker could exploit this vulnerability by connecting to an affected device through the console, forcing the device into ROMMON mode, and writing a malicious pattern using that specific option on the device. A successful exploit could allow the attacker to break the chain of trust and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.

Affected configurations

NVD

Node

ciscoios_xe_rom_monitorRange<16.2\(1r\)

AND

cisco4221_integrated_services_routerMatch-

cisco4331_integrated_services_routerMatch-

cisco4431_integrated_services_routerMatch-

cisco4461_integrated_services_routerMatch-

Node

ciscoios_xe_rom_monitorRange<15.6\(18r\)

AND

ciscoasr-920-10sz-pdMatch-

ciscoasr-920-12cz-aMatch-

ciscoasr-920-12cz-dMatch-

ciscoasr-920-12sz-aMatch-

ciscoasr-920-12sz-dMatch-

ciscoasr-920-20sz-mMatch-

ciscoasr-920-24sz-imMatch-

ciscoasr-920-24sz-mMatch-

ciscoasr-920-24tz-mMatch-

ciscoasr-920-4sz-aMatch-

ciscoasr-920-4sz-dMatch-

ciscoasr_920u-12sz-imMatch-

Node

ciscoios_xe_rom_monitorRange<16.2\(1r\)

AND

ciscoasr_1000-xMatch-

ciscoasr_1001Match-

ciscoasr_1001-xMatch-

ciscoasr_1002Match-

ciscoasr_1002-xMatch-

ciscoasr_1004Match-

ciscoasr_1006Match-

ciscoasr_1013Match-

Node

ciscoios_xe_rom_monitorRange<16.4\(1r\)s

AND

ciscocbr8Match-

CPENameOperatorVersion
cisco:ios_xe_rom_monitorcisco ios xe rom monitorlt16.2\(1r\)

CPE	Name	Operator	Version
cisco:ios_xe_rom_monitor	cisco ios xe rom monitor	lt	16.2\(1r\)

CNA Affected

[
  {
    "product": "Cisco IOS XE ROMMON Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rommon-secboot-7JgVLVYC

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

Related for CVE-2020-3524

cvelist1 prion1 cisco1 nvd1