Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco IOS XE ROM Monitor Software for Catalyst Switches Information Disclosure Vulnerability

cisco-sa-iosxe-info-disc-nrORXjO · Medium · Published · Updated

A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to read any file or reset the enable password. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2022-20864
Cisco Bug IDsCSCwa58212, CSCvx64514, CSCvx88952, CSCwa53008
CVSS ScoreBase 4.6
Base 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco IOS XE Software

Related Products

Product CVE Evidence
Cisco IOS CVE-2022-20864 Cisco OpenVuln
Cisco IOS XE Software CVE-2022-20864 Cisco OpenVuln
Cisco Catalyst 9600 Series Switches CVE-2022-20864 Cisco OpenVuln · software-dependent
Cisco Catalyst 9500 Series Switches CVE-2022-20864 Cisco OpenVuln · software-dependent
Cisco Catalyst 9400 Series Switches CVE-2022-20864 Cisco OpenVuln · software-dependent
Cisco Catalyst 9200 Series Switches CVE-2022-20864 Cisco OpenVuln · software-dependent
Cisco Catalyst 9300 Series Switches CVE-2022-20864 Cisco OpenVuln · software-dependent