2 results (0.001 seconds)

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

CVE-2021-1452 – Cisco IOS XE ROM Monitor Software for Cisco Industrial Switches OS Command Injection Vulnerability

https://notcve.org/view.php?id=CVE-2021-1452

24 Mar 2021 — A vulnerability in the ROM Monitor (ROMMON) of Cisco IOS XE Software for Cisco Catalyst IE3200, IE3300, and IE3400 Rugged Series Switches, Cisco Catalyst IE3400 Heavy Duty Series Switches, and Cisco Embedded Services 3300 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of specific function arguments passed to a boot script when specific ROMMON variables are set. An attacker could exploit this v... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-romvar-cmd-inj-N56fYbrw • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.9EPSS: 0%CPEs: 29EXPL: 0

CVE-2020-3524 – Cisco IOS XE ROM Monitor Software Vulnerability

https://notcve.org/view.php?id=CVE-2020-3524

24 Sep 2020 — A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected software. An att... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rommon-secboot-7JgVLVYC • CWE-284: Improper Access Control CWE-862: Missing Authorization •