49 matches found
CVE-2020-3524
A vulnerability in the Cisco IOS XE ROM Monitor ROMMON Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated,...
CVE-2020-3513
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 RSP3 installed could allow an authenticated, local attacker with high privileges to execute...
CVE-2020-3524
A vulnerability in the Cisco IOS XE ROM Monitor ROMMON Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated,...
CVE-2020-3513
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 RSP3 installed could allow an authenticated, local attacker with high privileges to execute...
CVE-2020-3417
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor ROMMON variables are set. An attacker could...
Design/Logic Flaw
A vulnerability in the Cisco IOS XE ROM Monitor ROMMON Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated,...
Design/Logic Flaw
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor ROMMON variables are set. An attacker could...
CVE-2020-3416
Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 (RSP3) consoles a set of boot-time vulnerabilities in the initialization routines. The issues stem from incorrect validations in boot scripts when specific ROMMON variables are defined, enabling an authenticated, local attack...
CVE-2020-3417 Cisco IOS XE Software Arbitrary Code Execution Vulnerability
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor ROMMON variables are set. An attacker could...
CVE-2020-3417
CVE-2020-3417 affects Cisco IOS XE Software. It enables an authenticated, local attacker to execute persistent code at boot time and break the chain of trust due to incorrect ROMMON-variable handling during boot script validation. Exploitation requires root shell access or physical access to the ...
CVE-2020-3417 Cisco IOS XE Software Arbitrary Code Execution Vulnerability
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor ROMMON variables are set. An attacker could...
CVE-2020-3524
Cisco IOS XE ROMMON vulnerability (CVE-2020-3524) affects the ROMMON software on Cisco 4000 Series routers, ASR 920/1000 Series, and cBR-8. The root cause is a debugging configuration option in the ROMMON image. An unauthenticated, physical attacker can connect to the device console, boot into RO...
CVE-2020-3524 Cisco IOS XE ROM Monitor Software Vulnerability
A vulnerability in the Cisco IOS XE ROM Monitor ROMMON Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated,...
CVE-2020-3524 Cisco IOS XE ROM Monitor Software Vulnerability
A vulnerability in the Cisco IOS XE ROM Monitor ROMMON Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated,...
Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 RSP3 installed could allow an authenticated, local attacker with high privileges to execute...
Cisco IOS XE ROM Monitor Software Vulnerability
A vulnerability in the Cisco IOS XE ROM Monitor ROMMON Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated,...
Cisco IOS XE Software Arbitrary Code Execution Vulnerability
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor ROMMON variables are set. An attacker could...
Cisco IOS XE Software Privilege License and Access Control Issues Vulnerability
Cisco IOS XE is the United States Cisco Cisco company's set of operating system developed for its network equipment. A privilege permission and access control issue vulnerability exists in ROMMON in Cisco IOS XE Software. An attacker can exploit this vulnerability by sending parameters to elevate...
The vulnerability of the Cisco IOS operating system’s ROM Monitor, related to the presence of a hidden command that allows attackers to bypass signature checks and load malicious software images.
The vulnerability of the Cisco IOS ROM Monitor is related to the presence of a hidden command. Exploiting this vulnerability allows an attacker to bypass signature checks and load malicious software...
CVE-2018-15370 Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability
A vulnerability in Cisco IOS ROM Monitor ROMMON Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a...