CVE-2020-3524: Improper Access Control in Cisco IOS XE ROM Monitor

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.1% (top 77.96%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 24, latest update May 24

Description

A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected soft

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.9 | Impact: 5.9

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-wvf6-cqwc-cf6x: A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation (2022-05-24)
CVEList: Cisco IOS XE ROM Monitor Software Vulnerability (2020-09-24)

📋 Vendor Advisories (2)

Red Hat: gateway: radosgw: CRLF injection (2021-04-15)
Cisco: Cisco IOS XE ROM Monitor Software Vulnerability (2020-09-24)