Vulnerability-Lookup

CNVD-2017-32482

Vulnerability from cnvd - Published: 2017-11-02

Title

Cisco IR800 Integrated Services Router Software命令执行漏洞

Description

Cisco IR800 Integrated Services Router Software是美国思科（Cisco）公司的一套运行于路由器中的软件。ROM Monitor是其中的一个资源监视器。 Cisco IR800 Integrated Services Router Software中的ROM Monitor (ROMMON)代码存在命令执行漏洞，该漏洞源于程序未能充分的过滤用户的输入。本地攻击者可通过进入ROMMON模式并修改ROMMON变量利用该漏洞执行任意代码，安装恶意的虚拟机监视器固件。

Severity

中

Patch Name

Cisco IR800 Integrated Services Router Software命令执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb44027

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-12223 http://www.securityfocus.com/bid/100689

Impacted products

Name
['Cisco IOS 15.6(1)T', 'Cisco IR800 Integrated Services Router Software 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100689"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12223"
    }
  },
  "description": "Cisco IR800 Integrated Services Router Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u8fd0\u884c\u4e8e\u8def\u7531\u5668\u4e2d\u7684\u8f6f\u4ef6\u3002ROM Monitor\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u8d44\u6e90\u76d1\u89c6\u5668\u3002\r\n\r\nCisco IR800 Integrated Services Router Software\u4e2d\u7684ROM Monitor (ROMMON)\u4ee3\u7801\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u8fc7\u6ee4\u7528\u6237\u7684\u8f93\u5165\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdb\u5165ROMMON\u6a21\u5f0f\u5e76\u4fee\u6539ROMMON\u53d8\u91cf\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5b89\u88c5\u6076\u610f\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u56fa\u4ef6\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvb44027",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-32482",
  "openTime": "2017-11-02",
  "patchDescription": "Cisco IR800 Integrated Services Router Software\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u8fd0\u884c\u4e8e\u8def\u7531\u5668\u4e2d\u7684\u8f6f\u4ef6\u3002ROM Monitor\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u8d44\u6e90\u76d1\u89c6\u5668\u3002\r\n\r\nCisco IR800 Integrated Services Router Software\u4e2d\u7684ROM Monitor (ROMMON)\u4ee3\u7801\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u8fc7\u6ee4\u7528\u6237\u7684\u8f93\u5165\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8fdb\u5165ROMMON\u6a21\u5f0f\u5e76\u4fee\u6539ROMMON\u53d8\u91cf\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5b89\u88c5\u6076\u610f\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u56fa\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IR800 Integrated Services Router Software\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS 15.6(1)T",
      "Cisco IR800 Integrated Services Router Software 0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-12223\r\nhttp://www.securityfocus.com/bid/100689",
  "serverity": "\u4e2d",
  "submitTime": "2017-09-08",
  "title": "Cisco IR800 Integrated Services Router Software\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

CVE-2017-12223 (GCVE-0-2017-12223)

Vulnerability from cvelistv5 – Published: 2017-09-07 21:00 – Updated: 2024-08-05 18:28

Summary

A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027.

Severity ?

No CVSS data available.

CWE

CWE-20

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039275	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/100689	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Cisco IR800 Integrated Services Router	Affected: Cisco IR800 Integrated Services Router

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-isr"
          },
          {
            "name": "1039275",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039275"
          },
          {
            "name": "100689",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100689"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IR800 Integrated Services Router",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco IR800 Integrated Services Router"
            }
          ]
        }
      ],
      "datePublic": "2017-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-12T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-isr"
        },
        {
          "name": "1039275",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039275"
        },
        {
          "name": "100689",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100689"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12223",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IR800 Integrated Services Router",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco IR800 Integrated Services Router"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-isr",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-isr"
            },
            {
              "name": "1039275",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039275"
            },
            {
              "name": "100689",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100689"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12223",
    "datePublished": "2017-09-07T21:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:28:16.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-32482

CVE-2017-12223 (GCVE-0-2017-12223)

Tags

Sightings

Nomenclature