Vulnerability Description
A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ir800 Integrated Services Router Firmware | - |
| Cisco | Ir800 Integrated Services Router | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100689Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039275Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/100689Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039275Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2017-12223?
CVE-2017-12223 is a vulnerability with a CVSS score of 6.4 (MEDIUM). A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device ...
How severe is CVE-2017-12223?
CVE-2017-12223 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12223?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ir800 Integrated Services Router Firmware, Cisco Ir800 Integrated Services Router.