CVE-2017-12223

MEDIUM

Cisco IR800 Router Firmware - Unauthenticated RCE via ROMMON Variable Manipulation

Title source: llm
STIX 2.1

Description

A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039275
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100689

Scores

CVSS v3 6.4
EPSS 0.0042
EPSS Percentile 33.5%
Attack Vector PHYSICAL
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (2)
cisco/ir800_integrated_services_router_firmware
n/a/Cisco IR800 Integrated Services Router Cisco IR800 Integrated Services Router
Published Sep 07, 2017
Tracked Since Feb 18, 2026