CVE-2017-12223

{"id": "CVE-2017-12223", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.4, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}]}, "published": "2017-09-07T21:29:00.520", "references": [{"url": "http://www.securityfocus.com/bid/100689", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1039275", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-isr", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027."}, {"lang": "es", "value": "Una vulnerabilidad en el c\u00f3digo del monitor ROM (ROMMON) de Cisco IR800 Integrated Services Router Software podr\u00eda permitir que un atacante local sin autenticar arranque un Hipervisor sin firma en un dispositivo afectado y, por lo tanto, comprometa la integridad del sistema. Esta vulnerabilidad se debe a una sanitizaci\u00f3n insuficiente de las entradas realizadas por el usuario. Un atacante que pueda acceder a un router afectado mediante la consola podr\u00eda explotar esta vulnerabilidad entrando en modo ROMMON y modificando las variables ROMMON. Si se explota esta vulnerabilidad con \u00e9xito, el atacante podr\u00eda ejecutar c\u00f3digo arbitrario e instalar una versi\u00f3n maliciosa del firmware del hipervisor en un dispositivo afectado. Cisco Bug IDs: CSCvb44027."}], "lastModified": "2019-10-09T23:22:30.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ir800_integrated_services_router_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FD1E3CD-4CA7-40C2-9AEF-4A553B302FAA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ir800_integrated_services_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "941935AF-4909-4C21-9AD9-0CFE957A1519"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}