42 matches found
EUVD-2001-0739
Malware in sbrugna...
EUVD-2020-24484
Malware in sbrugna...
CVE-2022-20864
A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot...
CVE-2022-20864
CVE-2022-20864 affects Cisco IOS XE ROM Monitor (ROMMON) software on Catalyst Switches. Root cause: a permissions issue in the ROMMON password-recovery disable feature (file and boot variable permissions) that could let an unauthenticated, local attacker reboot to ROMMON and issue commands to rea...
Cisco IOS XE Software ROM Monitor for Industrial Switches Command Injection (cisco-sa-iosxe-romvar-cmd-inj-N56fYbrw)
According to its self-reported version, IOS-XE is affected by a command injection vulnerability due to incorrect validations of specific function arguments passed to a boot script when specific ROMMON variables are set. An unauthenticated, physical attacker can exploit this by setting malicious...
Cisco IOS XE OS Command Injection Vulnerability
Cisco IOS XE is a set of modular operating systems based on the Linux kernel, developed by Cisco for its network equipment. An OS command injection vulnerability exists in ROMMON of Cisco IOS XE. The vulnerability stems from incorrect validation of specific function parameters passed to the startup...
CVE-2021-1452
A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute...
CVE-2021-1452
CVE-2021-1452 affects Cisco IOS XE ROMMON on Cisco Catalyst IE3200, IE3300, IE3400 Rugged Series Switches, IE3400 Heavy Duty, and Embedded Services 3300 Series. The flaw stems from incorrect validation of function arguments passed to a boot script when specific ROMMON variables are set, allowing ...
CVE-2020-3513
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute...
CVE-2020-3417
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could...
CVE-2020-3416
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute...
Design/Logic Flaw
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute...
CVE-2020-3416
Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 (RSP3) contains a set of boot-time vulnerabilities in the initialization routines. The issues stem from incorrect validations in boot scripts when specific ROMMON variables are defined, enabling an authenticated, local attack...
CVE-2020-3416 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute...
CVE-2020-3417
CVE-2020-3417 affects Cisco IOS XE Software. It enables an authenticated, local attacker to execute persistent code at boot time and break the chain of trust due to incorrect ROMMON-variable handling during boot script validation. Exploitation requires root shell access or physical access to the ...
CVE-2020-3513
CVE-2020-3513 affects Cisco IOS XE Software on Cisco ASR 900 Series Routers with Route Switch Processor 3 (RSP3). Connected advisories confirm multiple boot-time vulnerabilities tied to incorrect ROMMON variable handling and boot-script validation, enabling an authenticated local attacker with hi...
CVE-2020-3513 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute...
CVE-2020-3524
Cisco IOS XE ROMMON vulnerability (CVE-2020-3524) affects the ROMMON software on Cisco 4000 Series routers, ASR 920/1000 Series, and cBR-8. The root cause is a debugging configuration option in the ROMMON image. An unauthenticated, physical attacker can connect to the device console, boot into RO...