History: Sep 24, 2020 - 6:15 p.m.

CVE-2020-3513

2020-09-24 18:15:21
CWE-749
CWE-94
cisco
web.nvd.nist.gov
26
cisco
ios xe
software
vulnerabilities
cve-2020-3513
asr 900 series
routers
rsp3
rommon
bootup
security vulnerability

CVSS2: 6.9
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 6.7
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.7
Confidence: High

EPSS: 0
Percentile: 5.1%

Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.

Affected configurations

Nvd
Node
cisco ios_xe Match 16.12.1
OR
cisco ios_xe Match 17.2
AND
cisco asr_902 Match -
OR
cisco asr_903 Match -
OR
cisco asr_907 Match -
OR
cisco ncs_4206 Match -
OR
cisco ncs_4216 Match -
OR
cisco ncs_4216_f2b Match -

Vendor  Product       Version  CPE
cisco   ios_xe        16.12.1  cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*
cisco   ios_xe        17.2     cpe:2.3:o:cisco:ios_xe:17.2:*:*:*:*:*:*:*
cisco   asr_902       -        cpe:2.3:h:cisco:asr_902:-:*:*:*:*:*:*:*
cisco   asr_903       -        cpe:2.3:h:cisco:asr_903:-:*:*:*:*:*:*:*
cisco   asr_907       -        cpe:2.3:h:cisco:asr_907:-:*:*:*:*:*:*:*
cisco   ncs_4206      -        cpe:2.3:h:cisco:ncs_4206:-:*:*:*:*:*:*:*
cisco   ncs_4216      -        cpe:2.3:h:cisco:ncs_4216:-:*:*:*:*:*:*:*
cisco   ncs_4216_f2b  -        cpe:2.3:h:cisco:ncs_4216_f2b:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]
