CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
5.1%
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software handles configuration updates. An attacker could exploit this vulnerability by retrieving the contents of specific memory locations of an affected device. A successful exploit could result in the disclosure of keying materials that are part of the device configuration, which can be used to recover critical system information.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | ios | 12.2(6)i1 | cpe:2.3:o:cisco:ios:12.2\(6\)i1:*:*:*:*:*:*:* |
cisco | ios | 15.1(2)sg8a | cpe:2.3:o:cisco:ios:15.1\(2\)sg8a:*:*:*:*:*:*:* |
cisco | ios | 15.1(3)svg3d | cpe:2.3:o:cisco:ios:15.1\(3\)svg3d:*:*:*:*:*:*:* |
cisco | ios | 15.1(3)svi1b | cpe:2.3:o:cisco:ios:15.1\(3\)svi1b:*:*:*:*:*:*:* |
cisco | ios | 15.1(3)svm3 | cpe:2.3:o:cisco:ios:15.1\(3\)svm3:*:*:*:*:*:*:* |
cisco | ios | 15.1(3)svn2 | cpe:2.3:o:cisco:ios:15.1\(3\)svn2:*:*:*:*:*:*:* |
cisco | ios | 15.1(3)svo1 | cpe:2.3:o:cisco:ios:15.1\(3\)svo1:*:*:*:*:*:*:* |
cisco | ios | 15.1(3)svo2 | cpe:2.3:o:cisco:ios:15.1\(3\)svo2:*:*:*:*:*:*:* |
cisco | ios | 15.1(3)svp1 | cpe:2.3:o:cisco:ios:15.1\(3\)svp1:*:*:*:*:*:*:* |
cisco | ios | 15.1(4)m12c | cpe:2.3:o:cisco:ios:15.1\(4\)m12c:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
5.1%