Details of VAR-201810-0562

ID

VAR-201810-0562

CVE

CVE-2018-15370

TITLE

Cisco Catalyst 6800 For series switch Cisco IOS ROM Monitor Vulnerability related to authorization, authority, and access control in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-013330

DESCRIPTION

A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. Cisco Catalyst 6800 Series SupervisorEngine6T and so on are Cisco's switch products. IOSROMMonitor (ROMMON) Software is one of the ROM monitoring software for iOS devices. Cisco IOS ROM Monitor is prone to a local security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCvc16091

Trust: 2.52

sources: NVD: CVE-2018-15370 // JVNDB: JVNDB-2018-013330 // CNVD: CNVD-2018-21223 // BID: 105412 // VULHUB: VHN-125623

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-21223

AFFECTED PRODUCTS

vendor:	cisco	model:	ios rom monitor	scope:	eq	version:	15.1\(2\)sy3	Trust: 1.6
vendor:	cisco	model:	ios rom monitor	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst series supervisor engine 6t	scope:	eq	version:	6800	Trust: 0.6
vendor:	cisco	model:	catalyst series fixed backbone switches	scope:	eq	version:	6840-x	Trust: 0.6
vendor:	cisco	model:	catalyst series extensible fixed aggregation switches	scope:	eq	version:	6880-x	Trust: 0.6
vendor:	cisco	model:	ios rom monitor	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst 15.1 sy3	scope:	eq	version:	6000	Trust: 0.3

sources: CNVD: CNVD-2018-21223 // BID: 105412 // JVNDB: JVNDB-2018-013330 // CNNVD: CNNVD-201809-1269 // NVD: CVE-2018-15370

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15370
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-15370
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-21223
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201809-1269
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-125623
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-15370
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-21223
severity:	MEDIUM
baseScore:	6.2
vectorString:	AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-125623
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15370
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-21223 // VULHUB: VHN-125623 // JVNDB: JVNDB-2018-013330 // CNNVD: CNNVD-201809-1269 // NVD: CVE-2018-15370

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.8
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: JVNDB: JVNDB-2018-013330 // NVD: CVE-2018-15370

THREAT TYPE

local

Trust: 0.9

sources: BID: 105412 // CNNVD: CNNVD-201809-1269

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201809-1269

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013330

PATCH

title:	cisco-sa-20180926-catalyst6800	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-catalyst6800	Trust: 0.8
title:	A variety of Cisco products IOSROMMonitorSoftware local security bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/142749	Trust: 0.6
title:	Multiple Cisco product IOS ROM Monitor Software Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85278	Trust: 0.6

sources: CNVD: CNVD-2018-21223 // JVNDB: JVNDB-2018-013330 // CNNVD: CNNVD-201809-1269

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15370	Trust: 3.4
db:	BID	id:	105412	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-013330	Trust: 0.8
db:	CNVD	id:	CNVD-2018-21223	Trust: 0.6
db:	CNNVD	id:	CNNVD-201809-1269	Trust: 0.6
db:	VULHUB	id:	VHN-125623	Trust: 0.1

sources: CNVD: CNVD-2018-21223 // VULHUB: VHN-125623 // BID: 105412 // JVNDB: JVNDB-2018-013330 // CNNVD: CNNVD-201809-1269 // NVD: CVE-2018-15370

REFERENCES

url:	http://www.securityfocus.com/bid/105412	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-catalyst6800	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15370	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15370	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2018-21223 // VULHUB: VHN-125623 // BID: 105412 // JVNDB: JVNDB-2018-013330 // CNNVD: CNNVD-201809-1269 // NVD: CVE-2018-15370

CREDITS

Cisco

Trust: 0.3

sources: BID: 105412

SOURCES

db:	CNVD	id:	CNVD-2018-21223
db:	VULHUB	id:	VHN-125623
db:	BID	id:	105412
db:	JVNDB	id:	JVNDB-2018-013330
db:	CNNVD	id:	CNNVD-201809-1269
db:	NVD	id:	CVE-2018-15370

LAST UPDATE DATE

2024-11-23T22:26:08.794000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-21223	date:	2018-10-18T00:00:00
db:	VULHUB	id:	VHN-125623	date:	2019-10-09T00:00:00
db:	BID	id:	105412	date:	2018-09-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-013330	date:	2019-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201809-1269	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-15370	date:	2024-11-21T03:50:38.570

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-21223	date:	2018-10-18T00:00:00
db:	VULHUB	id:	VHN-125623	date:	2018-10-05T00:00:00
db:	BID	id:	105412	date:	2018-09-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-013330	date:	2019-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201809-1269	date:	2018-09-28T00:00:00
db:	NVD	id:	CVE-2018-15370	date:	2018-10-05T14:29:06.107