Description
A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by sending parameters to the device at initial boot up. An exploit could allow the attacker to elevate from a Priv15 user to the root user and execute arbitrary commands with the privileges of the root user.
References (1)
Core 1
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-priv-esc3-GMgnGCHx
Scores
CVSS v3
6.7
EPSS
0.0004
EPSS Percentile
13.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-264
Status
published
Products (50)
cisco/ios_xe
3.8.0s
cisco/ios_xe
3.8.1s
cisco/ios_xe
3.8.2s
cisco/ios_xe
3.9.0as
cisco/ios_xe
3.9.0s
cisco/ios_xe
3.9.1as
cisco/ios_xe
3.9.1s
cisco/ios_xe
3.9.2s
cisco/ios_xe
3.10.0s
cisco/ios_xe
3.10.1s
... and 40 more
Published
Jun 03, 2020
Tracked Since
Feb 18, 2026