Published: 24/09/2020 Updated: 07/11/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

A vulnerability in Cisco IOS XE Software could allow an authenticated, local malicious user to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the malicious user to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ios xe 3.18.2asp
cisco ios xe 3.18.3sp
cisco ios xe 16.6.1
cisco ios xe 3.18.1sp
cisco ios xe 3.18.1bsp
cisco ios xe 3.18.1csp
cisco ios xe 3.18.2sp
cisco ios xe 3.18.0sp
cisco ios xe 3.18.1asp
cisco ios xe 16.6.3
cisco ios xe 16.8.1
cisco ios xe 16.7.1
cisco ios xe 16.6.2
cisco ios xe 16.9.1
cisco ios xe 16.8.1a
cisco ios xe 16.8.1s
cisco ios xe 16.8.1b
cisco ios xe 16.8.2
cisco ios xe 16.7.2
cisco ios xe 16.8.1d
cisco ios xe 16.7.3
cisco ios xe 16.7.1a
cisco ios xe 16.7.1b
cisco ios xe 16.8.1c
cisco ios xe 16.8.1e
cisco ios xe 3.18.3asp
cisco ios xe 3.18.1isp
cisco ios xe 16.9.1s
cisco ios xe 3.18.1gsp
cisco ios xe 16.9.1c
cisco ios xe 3.18.3bsp
cisco ios xe 16.9.1b
cisco ios xe 3.18.4sp
cisco ios xe 3.18.1hsp
cisco ios xe 16.9.1d
cisco ios xe 16.6.4s
cisco ios xe 16.6.4
cisco ios xe 3.18.5sp
cisco ios xe 16.10.1
cisco ios xe 16.7.4
cisco ios xe 16.9.1a
cisco ios xe 16.9.2a
cisco ios xe 16.9.2
cisco ios xe 16.6.4a
cisco ios xe 16.12.1
cisco ios xe 16.6.5
cisco ios xe 16.11.1
cisco ios xe 17.1.1
cisco ios xe 16.11.1a
cisco ios xe 16.12.1c
cisco ios xe 16.12.1t
cisco ios xe 16.11.2
cisco ios xe 16.12.1s
cisco ios xe 16.12.1a
cisco ios xe 16.12.1x
cisco ios xe 16.11.1c
cisco ios xe 16.11.1b
cisco ios xe 16.11.1s
cisco ios xe 16.12.1w
cisco ios xe 16.10.1s
cisco ios xe 16.10.1d
cisco ios xe 16.9.2s
cisco ios xe 16.6.6
cisco ios xe 16.9.3h
cisco ios xe 16.6.5b
cisco ios xe 16.6.5a
cisco ios xe 16.9.3a
cisco ios xe 16.10.1a
cisco ios xe 16.10.1f
cisco ios xe 16.10.1g
cisco ios xe 16.10.2
cisco ios xe 16.9.3
cisco ios xe 16.12.1y
cisco ios xe 16.10.1e
cisco ios xe 16.10.1b
cisco ios xe 16.8.3
cisco ios xe 16.9.3s
cisco ios xe 16.10.1c
cisco ios xe 3.18.6sp
cisco ios xe 16.9.4
cisco ios xe 16.12.2
cisco ios xe 16.6.7a
cisco ios xe 16.9.4c
cisco ios xe 3.18.7sp
cisco ios xe 16.12.2a
cisco ios xe 16.6.7
cisco ios xe 16.10.3
cisco ios xe 16.9.5
cisco ios xe 16.9.5f
cisco ios xe 3.18.8sp
cisco ios xe 16.12.3
cisco ios xe 17.1.1s
cisco ios xe 16.12.2t
cisco ios xe 17.1.1a
cisco ios xe 16.12.2s
cisco ios xe 16.12.3a
cisco ios xe 3.18.8asp
cisco ios xe 17.1.1t

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set An attacker could exploit this vulnerability by installing code to a spec ...

CWE-78 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xbace-OnCEbyS https://nvd.nist.gov https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xbace-OnCEbyS

CVE-2020-3417

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect