Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-20864

A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to read any file or reset the enable password.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 4.6, with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts confidentiality (data exposure), for affected systems. Impacting 240 products from cisco, from cisco, from cisco and 237 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2022, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2022-10-10T21:15:10.207

Last Modified

2024-11-21T06:43:42.610

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.6 (MEDIUM)

Weaknesses

Type: Secondary
CWE-538
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xe_rom_monitor	-	Yes
Hardware	cisco	catalyst_3650	-	No
Hardware	cisco	catalyst_3650-12x48fd-e	-	No
Hardware	cisco	catalyst_3650-12x48fd-l	-	No
Hardware	cisco	catalyst_3650-12x48fd-s	-	No
Hardware	cisco	catalyst_3650-12x48uq	-	No
Hardware	cisco	catalyst_3650-12x48uq-e	-	No
Hardware	cisco	catalyst_3650-12x48uq-l	-	No
Hardware	cisco	catalyst_3650-12x48uq-s	-	No
Hardware	cisco	catalyst_3650-12x48ur	-	No
Hardware	cisco	catalyst_3650-12x48ur-e	-	No
Hardware	cisco	catalyst_3650-12x48ur-l	-	No
Hardware	cisco	catalyst_3650-12x48ur-s	-	No
Hardware	cisco	catalyst_3650-12x48uz	-	No
Hardware	cisco	catalyst_3650-12x48uz-e	-	No
Hardware	cisco	catalyst_3650-12x48uz-l	-	No
Hardware	cisco	catalyst_3650-12x48uz-s	-	No
Hardware	cisco	catalyst_3650-24pd	-	No
Hardware	cisco	catalyst_3650-24pd-e	-	No
Hardware	cisco	catalyst_3650-24pd-l	-	No
Hardware	cisco	catalyst_3650-24pd-s	-	No
Hardware	cisco	catalyst_3650-24pdm	-	No
Hardware	cisco	catalyst_3650-24pdm-e	-	No
Hardware	cisco	catalyst_3650-24pdm-l	-	No
Hardware	cisco	catalyst_3650-24pdm-s	-	No
Hardware	cisco	catalyst_3650-24ps-e	-	No
Hardware	cisco	catalyst_3650-24ps-l	-	No
Hardware	cisco	catalyst_3650-24ps-s	-	No
Hardware	cisco	catalyst_3650-24td-e	-	No
Hardware	cisco	catalyst_3650-24td-l	-	No
Hardware	cisco	catalyst_3650-24td-s	-	No
Hardware	cisco	catalyst_3650-24ts-e	-	No
Hardware	cisco	catalyst_3650-24ts-l	-	No
Hardware	cisco	catalyst_3650-24ts-s	-	No
Hardware	cisco	catalyst_3650-48fd-e	-	No
Hardware	cisco	catalyst_3650-48fd-l	-	No
Hardware	cisco	catalyst_3650-48fd-s	-	No
Hardware	cisco	catalyst_3650-48fq	-	No
Hardware	cisco	catalyst_3650-48fq-e	-	No
Hardware	cisco	catalyst_3650-48fq-l	-	No
Hardware	cisco	catalyst_3650-48fq-s	-	No
Hardware	cisco	catalyst_3650-48fqm	-	No
Hardware	cisco	catalyst_3650-48fqm-e	-	No
Hardware	cisco	catalyst_3650-48fqm-l	-	No
Hardware	cisco	catalyst_3650-48fqm-s	-	No
Hardware	cisco	catalyst_3650-48fs-e	-	No
Hardware	cisco	catalyst_3650-48fs-l	-	No
Hardware	cisco	catalyst_3650-48fs-s	-	No
Hardware	cisco	catalyst_3650-48pd-e	-	No
Hardware	cisco	catalyst_3650-48pd-l	-	No
Hardware	cisco	catalyst_3650-48pd-s	-	No
Hardware	cisco	catalyst_3650-48pq-e	-	No
Hardware	cisco	catalyst_3650-48pq-l	-	No
Hardware	cisco	catalyst_3650-48pq-s	-	No
Hardware	cisco	catalyst_3650-48ps-e	-	No
Hardware	cisco	catalyst_3650-48ps-l	-	No
Hardware	cisco	catalyst_3650-48ps-s	-	No
Hardware	cisco	catalyst_3650-48td-e	-	No
Hardware	cisco	catalyst_3650-48td-l	-	No
Hardware	cisco	catalyst_3650-48td-s	-	No
Hardware	cisco	catalyst_3650-48tq-e	-	No
Hardware	cisco	catalyst_3650-48tq-l	-	No
Hardware	cisco	catalyst_3650-48tq-s	-	No
Hardware	cisco	catalyst_3650-48ts-e	-	No
Hardware	cisco	catalyst_3650-48ts-l	-	No
Hardware	cisco	catalyst_3650-48ts-s	-	No
Hardware	cisco	catalyst_3650-8x24pd-e	-	No
Hardware	cisco	catalyst_3650-8x24pd-l	-	No
Hardware	cisco	catalyst_3650-8x24pd-s	-	No
Hardware	cisco	catalyst_3650-8x24uq	-	No
Hardware	cisco	catalyst_3650-8x24uq-e	-	No
Hardware	cisco	catalyst_3650-8x24uq-l	-	No
Hardware	cisco	catalyst_3650-8x24uq-s	-	No
Hardware	cisco	catalyst_3850	-	No
Hardware	cisco	catalyst_3850-12s-e	-	No
Hardware	cisco	catalyst_3850-12s-s	-	No
Hardware	cisco	catalyst_3850-12x48u	-	No
Hardware	cisco	catalyst_3850-12xs-e	-	No
Hardware	cisco	catalyst_3850-12xs-s	-	No
Hardware	cisco	catalyst_3850-16xs-e	-	No
Hardware	cisco	catalyst_3850-16xs-s	-	No
Hardware	cisco	catalyst_3850-24p-e	-	No
Hardware	cisco	catalyst_3850-24p-l	-	No
Hardware	cisco	catalyst_3850-24p-s	-	No
Hardware	cisco	catalyst_3850-24pw-s	-	No
Hardware	cisco	catalyst_3850-24s-e	-	No
Hardware	cisco	catalyst_3850-24s-s	-	No
Hardware	cisco	catalyst_3850-24t-e	-	No
Hardware	cisco	catalyst_3850-24t-l	-	No
Hardware	cisco	catalyst_3850-24t-s	-	No
Hardware	cisco	catalyst_3850-24u	-	No
Hardware	cisco	catalyst_3850-24u-e	-	No
Hardware	cisco	catalyst_3850-24u-l	-	No
Hardware	cisco	catalyst_3850-24u-s	-	No
Hardware	cisco	catalyst_3850-24xs	-	No
Hardware	cisco	catalyst_3850-24xs-e	-	No
Hardware	cisco	catalyst_3850-24xs-s	-	No
Hardware	cisco	catalyst_3850-24xu	-	No
Hardware	cisco	catalyst_3850-24xu-e	-	No
Hardware	cisco	catalyst_3850-24xu-l	-	No
Hardware	cisco	catalyst_3850-24xu-s	-	No
Hardware	cisco	catalyst_3850-32xs-e	-	No
Hardware	cisco	catalyst_3850-32xs-s	-	No
Hardware	cisco	catalyst_3850-48f-e	-	No
Hardware	cisco	catalyst_3850-48f-l	-	No
Hardware	cisco	catalyst_3850-48f-s	-	No
Hardware	cisco	catalyst_3850-48p-e	-	No
Hardware	cisco	catalyst_3850-48p-l	-	No
Hardware	cisco	catalyst_3850-48p-s	-	No
Hardware	cisco	catalyst_3850-48pw-s	-	No
Hardware	cisco	catalyst_3850-48t-e	-	No
Hardware	cisco	catalyst_3850-48t-l	-	No
Hardware	cisco	catalyst_3850-48t-s	-	No
Hardware	cisco	catalyst_3850-48u	-	No
Hardware	cisco	catalyst_3850-48u-e	-	No
Hardware	cisco	catalyst_3850-48u-l	-	No
Hardware	cisco	catalyst_3850-48u-s	-	No
Hardware	cisco	catalyst_3850-48xs	-	No
Hardware	cisco	catalyst_3850-48xs-e	-	No
Hardware	cisco	catalyst_3850-48xs-f-e	-	No
Hardware	cisco	catalyst_3850-48xs-f-s	-	No
Hardware	cisco	catalyst_3850-48xs-s	-	No
Hardware	cisco	catalyst_3850-nm-2-40g	-	No
Hardware	cisco	catalyst_3850-nm-8-10g	-	No
Hardware	cisco	catalyst_9200	-	No
Hardware	cisco	catalyst_9200cx	-	No
Hardware	cisco	catalyst_9200l	-	No
Hardware	cisco	catalyst_9300	-	No
Hardware	cisco	catalyst_9300-24p-a	-	No
Hardware	cisco	catalyst_9300-24p-e	-	No
Hardware	cisco	catalyst_9300-24s-a	-	No
Hardware	cisco	catalyst_9300-24s-e	-	No
Hardware	cisco	catalyst_9300-24t-a	-	No
Hardware	cisco	catalyst_9300-24t-e	-	No
Hardware	cisco	catalyst_9300-24u-a	-	No
Hardware	cisco	catalyst_9300-24u-e	-	No
Hardware	cisco	catalyst_9300-24ux-a	-	No
Hardware	cisco	catalyst_9300-24ux-e	-	No
Hardware	cisco	catalyst_9300-48p-a	-	No
Hardware	cisco	catalyst_9300-48p-e	-	No
Hardware	cisco	catalyst_9300-48s-a	-	No
Hardware	cisco	catalyst_9300-48s-e	-	No
Hardware	cisco	catalyst_9300-48t-a	-	No
Hardware	cisco	catalyst_9300-48t-e	-	No
Hardware	cisco	catalyst_9300-48u-a	-	No
Hardware	cisco	catalyst_9300-48u-e	-	No
Hardware	cisco	catalyst_9300-48un-a	-	No
Hardware	cisco	catalyst_9300-48un-e	-	No
Hardware	cisco	catalyst_9300-48uxm-a	-	No
Hardware	cisco	catalyst_9300-48uxm-e	-	No
Hardware	cisco	catalyst_9300l	-	No
Hardware	cisco	catalyst_9300l-24p-4g-a	-	No
Hardware	cisco	catalyst_9300l-24p-4g-e	-	No
Hardware	cisco	catalyst_9300l-24p-4x-a	-	No
Hardware	cisco	catalyst_9300l-24p-4x-e	-	No
Hardware	cisco	catalyst_9300l-24t-4g-a	-	No
Hardware	cisco	catalyst_9300l-24t-4g-e	-	No
Hardware	cisco	catalyst_9300l-24t-4x-a	-	No
Hardware	cisco	catalyst_9300l-24t-4x-e	-	No
Hardware	cisco	catalyst_9300l-48p-4g-a	-	No
Hardware	cisco	catalyst_9300l-48p-4g-e	-	No
Hardware	cisco	catalyst_9300l-48p-4x-a	-	No
Hardware	cisco	catalyst_9300l-48p-4x-e	-	No
Hardware	cisco	catalyst_9300l-48t-4g-a	-	No
Hardware	cisco	catalyst_9300l-48t-4g-e	-	No
Hardware	cisco	catalyst_9300l-48t-4x-a	-	No
Hardware	cisco	catalyst_9300l-48t-4x-e	-	No
Hardware	cisco	catalyst_9300l_stack	-	No
Hardware	cisco	catalyst_9300lm	-	No
Hardware	cisco	catalyst_9300x	-	No
Hardware	cisco	catalyst_9400	-	No
Hardware	cisco	catalyst_9407r	-	No
Hardware	cisco	catalyst_9410r	-	No
Hardware	cisco	catalyst_9500	-	No
Hardware	cisco	catalyst_9500h	-	No
Hardware	cisco	catalyst_9600	-	No
Hardware	cisco	catalyst_9600x	-	No
Hardware	cisco	catalyst_c2928-24lt-c	-	No
Hardware	cisco	catalyst_c2928-48tc-c	-	No
Hardware	cisco	catalyst_c3850-12x48u-e	-	No
Hardware	cisco	catalyst_c3850-12x48u-l	-	No
Hardware	cisco	catalyst_c3850-12x48u-s	-	No
Hardware	cisco	catalyst_c9200-24p	-	No
Hardware	cisco	catalyst_c9200-24t	-	No
Hardware	cisco	catalyst_c9200-48p	-	No
Hardware	cisco	catalyst_c9200-48t	-	No
Hardware	cisco	catalyst_c9200l-24p-4g	-	No
Hardware	cisco	catalyst_c9200l-24p-4x	-	No
Hardware	cisco	catalyst_c9200l-24pxg-2y	-	No
Hardware	cisco	catalyst_c9200l-24pxg-4x	-	No
Hardware	cisco	catalyst_c9200l-24t-4g	-	No
Hardware	cisco	catalyst_c9200l-24t-4x	-	No
Hardware	cisco	catalyst_c9200l-48p-4g	-	No
Hardware	cisco	catalyst_c9200l-48p-4x	-	No
Hardware	cisco	catalyst_c9200l-48pxg-2y	-	No
Hardware	cisco	catalyst_c9200l-48pxg-4x	-	No
Hardware	cisco	catalyst_c9200l-48t-4g	-	No
Hardware	cisco	catalyst_c9200l-48t-4x	-	No
Hardware	cisco	catalyst_c9300-24p	-	No
Hardware	cisco	catalyst_c9300-24s	-	No
Hardware	cisco	catalyst_c9300-24t	-	No
Hardware	cisco	catalyst_c9300-24u	-	No
Hardware	cisco	catalyst_c9300-24ux	-	No
Hardware	cisco	catalyst_c9300-48p	-	No
Hardware	cisco	catalyst_c9300-48s	-	No
Hardware	cisco	catalyst_c9300-48t	-	No
Hardware	cisco	catalyst_c9300-48u	-	No
Hardware	cisco	catalyst_c9300-48un	-	No
Hardware	cisco	catalyst_c9300-48uxm	-	No
Hardware	cisco	catalyst_c9300l-24p-4g	-	No
Hardware	cisco	catalyst_c9300l-24p-4x	-	No
Hardware	cisco	catalyst_c9300l-24t-4g	-	No
Hardware	cisco	catalyst_c9300l-24t-4x	-	No
Hardware	cisco	catalyst_c9300l-48p-4g	-	No
Hardware	cisco	catalyst_c9300l-48p-4x	-	No
Hardware	cisco	catalyst_c9300l-48t-4g	-	No
Hardware	cisco	catalyst_c9300l-48t-4x	-	No
Hardware	cisco	catalyst_c9404r	-	No
Hardware	cisco	catalyst_c9407r	-	No
Hardware	cisco	catalyst_c9410r	-	No
Hardware	cisco	catalyst_c9500-12q	-	No
Hardware	cisco	catalyst_c9500-12q-a	-	No
Hardware	cisco	catalyst_c9500-12q-e	-	No
Hardware	cisco	catalyst_c9500-16x	-	No
Hardware	cisco	catalyst_c9500-16x-a	-	No
Hardware	cisco	catalyst_c9500-16x-e	-	No
Hardware	cisco	catalyst_c9500-24q	-	No
Hardware	cisco	catalyst_c9500-24q-a	-	No
Hardware	cisco	catalyst_c9500-24q-e	-	No
Hardware	cisco	catalyst_c9500-24y4c	-	No
Hardware	cisco	catalyst_c9500-32c	-	No
Hardware	cisco	catalyst_c9500-32qc	-	No
Hardware	cisco	catalyst_c9500-40x	-	No
Hardware	cisco	catalyst_c9500-40x-a	-	No
Hardware	cisco	catalyst_c9500-40x-e	-	No
Hardware	cisco	catalyst_c9500-48y4c	-	No
Hardware	cisco	catalyst_c9600-lc-24c	-	No
Hardware	cisco	catalyst_c9600-lc-48s	-	No
Hardware	cisco	catalyst_c9600-lc-48tx	-	No
Hardware	cisco	catalyst_c9600-lc-48yl	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For cisco's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.