CVE-2022-20864

CVE Database · CVE-2022-20864

CVE-2022-20864

· MEDIUMModified

CVSS v3.1

4.6

EPSS

0.26%

Published

Oct 10, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to read any file or reset the enable password.

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-538

Affected Products (240)

cisco · ios_xe_rom_monitorvulnerable

cisco · catalyst_3650

cisco · catalyst_3650-12x48fd-e

cisco · catalyst_3650-12x48fd-l

cisco · catalyst_3650-12x48fd-s

cisco · catalyst_3650-12x48uq

cisco · catalyst_3650-12x48uq-e

cisco · catalyst_3650-12x48uq-l

cisco · catalyst_3650-12x48uq-s

cisco · catalyst_3650-12x48ur

cisco · catalyst_3650-12x48ur-e

cisco · catalyst_3650-12x48ur-l

cisco · catalyst_3650-12x48ur-s

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-info-disc-nrORXjO

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs