Lucene search

[email protected]NVD:CVE-2021-1452

HistoryMar 24, 2021 - 8:15 p.m.

CVE-2021-1452

2021-03-2420:15:15

CWE-78

[email protected]

web.nvd.nist.gov

cisco

ios xe

catalyst

switches

vulnerability

unsigned code

system boot

rommon

physical attacker

exploit

image verification check

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.1%

JSON

A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of specific function arguments passed to a boot script when specific ROMMON variables are set. An attacker could exploit this vulnerability by setting malicious values for a specific ROMMON variable. A successful exploit could allow the attacker to execute unsigned code and bypass the image verification check during the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated, physical access to the device or obtain privileged access to the root shell on the device.

Affected configurations

Nvd

Node

ciscoios_xe_rom_monitorRange≤7.0

AND

ciscocatalyst_ie3200_rugged_switchMatch-

ciscocatalyst_ie3300_rugged_switchMatch-

ciscocatalyst_ie3400_heavy_duty_switchMatch-

ciscocatalyst_ie3400_rugged_switchMatch-

ciscoess_3300Match-

VendorProductVersionCPE
ciscoios_xe_rom_monitor*cpe:2.3:o:cisco:ios_xe_rom_monitor:*:*:*:*:*:*:*:*
ciscocatalyst_ie3200_rugged_switch-cpe:2.3:h:cisco:catalyst_ie3200_rugged_switch:-:*:*:*:*:*:*:*
ciscocatalyst_ie3300_rugged_switch-cpe:2.3:h:cisco:catalyst_ie3300_rugged_switch:-:*:*:*:*:*:*:*
ciscocatalyst_ie3400_heavy_duty_switch-cpe:2.3:h:cisco:catalyst_ie3400_heavy_duty_switch:-:*:*:*:*:*:*:*
ciscocatalyst_ie3400_rugged_switch-cpe:2.3:h:cisco:catalyst_ie3400_rugged_switch:-:*:*:*:*:*:*:*
ciscoess_3300-cpe:2.3:h:cisco:ess_3300:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe_rom_monitor	*	cpe:2.3:o:cisco:ios_xe_rom_monitor::::::::
cisco	catalyst_ie3200_rugged_switch	-	cpe:2.3:h:cisco:catalyst_ie3200_rugged_switch:-:::::::*
cisco	catalyst_ie3300_rugged_switch	-	cpe:2.3:h:cisco:catalyst_ie3300_rugged_switch:-:::::::*
cisco	catalyst_ie3400_heavy_duty_switch	-	cpe:2.3:h:cisco:catalyst_ie3400_heavy_duty_switch:-:::::::*
cisco	catalyst_ie3400_rugged_switch	-	cpe:2.3:h:cisco:catalyst_ie3400_rugged_switch:-:::::::*
cisco	ess_3300	-	cpe:2.3:h:cisco:ess_3300:-:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-romvar-cmd-inj-N56fYbrw

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

30.1%

JSON

Related for NVD:CVE-2021-1452

prion1 cve1 cisco1 nessus1 cvelist1 ics1