Exposed dangerous method or function in Cisco ASR 900 Series and Cisco IOS XE - CVE-2020-3513

 

Exposed dangerous method or function in Cisco ASR 900 Series and Cisco IOS XE - CVE-2020-3513

Published: September 30, 2020


Vulnerability identifier: #VU47213
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3513
CWE-ID: CWE-749
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco ASR 900 Series
Cisco IOS XE

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code at bootup and break the chain of trust.

The vulnerability exists due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. A local administrator can copy a specific file to the local file system, define specific ROMMON variables and run arbitrary code on the system with root privileges.


How to mitigate CVE-2020-3513

Install updates from vendor's website.

Sources