admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#4889

Browse Source 
Auto-merge PR#4889
This commit is contained in:
CVE Team 2020-09-24 13:56:43 -04:00 committed by GitHub
commit 55acc59cbc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 78 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
2020/3xxx/CVE-2020-3524.json
View File

@ -1,18 +1,89 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-09-24T16:00:00",
"ID": "CVE-2020-3524",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XE ROM Monitor Software Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE ROMMON Software ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": " A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected software. An attacker could exploit this vulnerability by connecting to an affected device through the console, forcing the device into ROMMON mode, and writing a malicious pattern using that specific option on the device. A successful exploit could allow the attacker to break the chain of trust and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. "
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "6.4",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200924 Cisco IOS XE ROM Monitor Software Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rommon-secboot-7JgVLVYC"
}
]
},
"source": {
"advisory": "cisco-sa-rommon-secboot-7JgVLVYC",
"defect": [
[
"CSCuw17929",
"CSCuy11639",
"CSCuy11786",
"CSCuy11815"
]
],
"discovery": "INTERNAL"
}
}
}