CVE-2017-12223

Severity Score

6.4

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027.

Una vulnerabilidad en el código del monitor ROM (ROMMON) de Cisco IR800 Integrated Services Router Software podría permitir que un atacante local sin autenticar arranque un Hipervisor sin firma en un dispositivo afectado y, por lo tanto, comprometa la integridad del sistema. Esta vulnerabilidad se debe a una sanitización insuficiente de las entradas realizadas por el usuario. Un atacante que pueda acceder a un router afectado mediante la consola podría explotar esta vulnerabilidad entrando en modo ROMMON y modificando las variables ROMMON. Si se explota esta vulnerabilidad con éxito, el atacante podría ejecutar código arbitrario e instalar una versión maliciosa del firmware del hipervisor en un dispositivo afectado. Cisco Bug IDs: CSCvb44027.

*Credits: N/A

Attack Vector

Physical

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-08-03 CVE Reserved
2017-09-07 CVE Published
2023-07-18 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/100689	Third Party Advisory
http://www.securitytracker.com/id/1039275	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-isr	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Ir800 Integrated Services Router Firmware Search vendor "Cisco" for product "Ir800 Integrated Services Router Firmware"	-	-	Affected	in	Cisco Search vendor "Cisco"	Ir800 Integrated Services Router Search vendor "Cisco" for product "Ir800 Integrated Services Router"	-	-	Safe