CVE-2020-3417


A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device.


Published

2020-09-24T18:15:18.730

Last Modified

2024-11-21T05:31:00.430

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-78
  • Type: Primary
    CWE-78

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | cisco | ios_xe | 3.18.0sp | Yes |
| Operating System | cisco | ios_xe | 3.18.1asp | Yes |
| Operating System | cisco | ios_xe | 3.18.1bsp | Yes |
| Operating System | cisco | ios_xe | 3.18.1csp | Yes |
| Operating System | cisco | ios_xe | 3.18.1gsp | Yes |
| Operating System | cisco | ios_xe | 3.18.1hsp | Yes |
| Operating System | cisco | ios_xe | 3.18.1isp | Yes |
| Operating System | cisco | ios_xe | 3.18.1sp | Yes |
| Operating System | cisco | ios_xe | 3.18.2asp | Yes |
| Operating System | cisco | ios_xe | 3.18.2sp | Yes |
| Operating System | cisco | ios_xe | 3.18.3asp | Yes |
| Operating System | cisco | ios_xe | 3.18.3bsp | Yes |
| Operating System | cisco | ios_xe | 3.18.3sp | Yes |
| Operating System | cisco | ios_xe | 3.18.4sp | Yes |
| Operating System | cisco | ios_xe | 3.18.5sp | Yes |
| Operating System | cisco | ios_xe | 3.18.6sp | Yes |
| Operating System | cisco | ios_xe | 3.18.7sp | Yes |
| Operating System | cisco | ios_xe | 3.18.8asp | Yes |
| Operating System | cisco | ios_xe | 3.18.8sp | Yes |
| Operating System | cisco | ios_xe | 16.6.1 | Yes |
| Operating System | cisco | ios_xe | 16.6.2 | Yes |
| Operating System | cisco | ios_xe | 16.6.3 | Yes |
| Operating System | cisco | ios_xe | 16.6.4 | Yes |
| Operating System | cisco | ios_xe | 16.6.4a | Yes |
| Operating System | cisco | ios_xe | 16.6.4s | Yes |
| Operating System | cisco | ios_xe | 16.6.5 | Yes |
| Operating System | cisco | ios_xe | 16.6.5a | Yes |
| Operating System | cisco | ios_xe | 16.6.5b | Yes |
| Operating System | cisco | ios_xe | 16.6.6 | Yes |
| Operating System | cisco | ios_xe | 16.6.7 | Yes |
| Operating System | cisco | ios_xe | 16.6.7a | Yes |
| Operating System | cisco | ios_xe | 16.7.1 | Yes |
| Operating System | cisco | ios_xe | 16.7.1a | Yes |
| Operating System | cisco | ios_xe | 16.7.1b | Yes |
| Operating System | cisco | ios_xe | 16.7.2 | Yes |
| Operating System | cisco | ios_xe | 16.7.3 | Yes |
| Operating System | cisco | ios_xe | 16.7.4 | Yes |
| Operating System | cisco | ios_xe | 16.8.1 | Yes |
| Operating System | cisco | ios_xe | 16.8.1a | Yes |
| Operating System | cisco | ios_xe | 16.8.1b | Yes |
| Operating System | cisco | ios_xe | 16.8.1c | Yes |
| Operating System | cisco | ios_xe | 16.8.1d | Yes |
| Operating System | cisco | ios_xe | 16.8.1e | Yes |
| Operating System | cisco | ios_xe | 16.8.1s | Yes |
| Operating System | cisco | ios_xe | 16.8.2 | Yes |
| Operating System | cisco | ios_xe | 16.8.3 | Yes |
| Operating System | cisco | ios_xe | 16.9.1 | Yes |
| Operating System | cisco | ios_xe | 16.9.1a | Yes |
| Operating System | cisco | ios_xe | 16.9.1b | Yes |
| Operating System | cisco | ios_xe | 16.9.1c | Yes |
| Operating System | cisco | ios_xe | 16.9.1d | Yes |
| Operating System | cisco | ios_xe | 16.9.1s | Yes |
| Operating System | cisco | ios_xe | 16.9.2 | Yes |
| Operating System | cisco | ios_xe | 16.9.2a | Yes |
| Operating System | cisco | ios_xe | 16.9.2s | Yes |
| Operating System | cisco | ios_xe | 16.9.3 | Yes |
| Operating System | cisco | ios_xe | 16.9.3a | Yes |
| Operating System | cisco | ios_xe | 16.9.3h | Yes |
| Operating System | cisco | ios_xe | 16.9.3s | Yes |
| Operating System | cisco | ios_xe | 16.9.4 | Yes |
| Operating System | cisco | ios_xe | 16.9.4c | Yes |
| Operating System | cisco | ios_xe | 16.9.5 | Yes |
| Operating System | cisco | ios_xe | 16.9.5f | Yes |
| Operating System | cisco | ios_xe | 16.10.1 | Yes |
| Operating System | cisco | ios_xe | 16.10.1a | Yes |
| Operating System | cisco | ios_xe | 16.10.1b | Yes |
| Operating System | cisco | ios_xe | 16.10.1c | Yes |
| Operating System | cisco | ios_xe | 16.10.1d | Yes |
| Operating System | cisco | ios_xe | 16.10.1e | Yes |
| Operating System | cisco | ios_xe | 16.10.1f | Yes |
| Operating System | cisco | ios_xe | 16.10.1g | Yes |
| Operating System | cisco | ios_xe | 16.10.1s | Yes |
| Operating System | cisco | ios_xe | 16.10.2 | Yes |
| Operating System | cisco | ios_xe | 16.10.3 | Yes |
| Operating System | cisco | ios_xe | 16.11.1 | Yes |
| Operating System | cisco | ios_xe | 16.11.1a | Yes |
| Operating System | cisco | ios_xe | 16.11.1b | Yes |
| Operating System | cisco | ios_xe | 16.11.1c | Yes |
| Operating System | cisco | ios_xe | 16.11.1s | Yes |
| Operating System | cisco | ios_xe | 16.11.2 | Yes |
| Operating System | cisco | ios_xe | 16.12.1 | Yes |
| Operating System | cisco | ios_xe | 16.12.1a | Yes |
| Operating System | cisco | ios_xe | 16.12.1c | Yes |
| Operating System | cisco | ios_xe | 16.12.1s | Yes |
| Operating System | cisco | ios_xe | 16.12.1t | Yes |
| Operating System | cisco | ios_xe | 16.12.1w | Yes |
| Operating System | cisco | ios_xe | 16.12.1x | Yes |
| Operating System | cisco | ios_xe | 16.12.1y | Yes |
| Operating System | cisco | ios_xe | 16.12.2 | Yes |
| Operating System | cisco | ios_xe | 16.12.2a | Yes |
| Operating System | cisco | ios_xe | 16.12.2s | Yes |
| Operating System | cisco | ios_xe | 16.12.2t | Yes |
| Operating System | cisco | ios_xe | 16.12.3 | Yes |
| Operating System | cisco | ios_xe | 16.12.3a | Yes |
| Operating System | cisco | ios_xe | 17.1.1 | Yes |
| Operating System | cisco | ios_xe | 17.1.1a | Yes |
| Operating System | cisco | ios_xe | 17.1.1s | Yes |
| Operating System | cisco | ios_xe | 17.1.1t | Yes |
