Cisco Security Advisory - Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure Vulnerability

Started by Netwörkheäd, September 30, 2022, 06:14:55 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Netwörkheäd

September 30, 2022, 06:14:55 PM
Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure Vulnerability

A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password.


This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to read any file or reset the enable password.


Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.


This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO



     
         
Security Impact Rating:  Medium
   
   
       
CVE: CVE-2022-20864
Source: Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure Vulnerability
Let's not argue. Let's network!
Print
Go Up Pages1
User actions