{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "3.18.0sp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.1asp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.1bsp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.1csp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.1gsp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.1hsp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.1isp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.1sp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.2asp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.2sp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.3asp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.3bsp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.3sp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.4sp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.5sp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.6sp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.7sp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.8asp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "3.18.8sp" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.6.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.6.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.6.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.6.4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.6.4a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.6.4s" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.6.5" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.6.5a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.6.5b" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.6.6" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.6.7" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.6.7a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.7.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.7.1a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.7.1b" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.7.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.7.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.7.4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.8.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.8.1a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.8.1b" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.8.1c" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.8.1d" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.8.1e" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.8.1s" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.8.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.8.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.1a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.1b" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.1c" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.1d" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.1s" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.2a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.2s" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.3a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.3h" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.3s" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.4c" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.5" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.9.5f" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.10.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.10.1a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.10.1b" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.10.1c" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.10.1d" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.10.1e" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.10.1f" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.10.1g" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.10.1s" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.10.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.10.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.11.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.11.1a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.11.1b" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.11.1c" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.11.1s" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.11.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.1a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.1c" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.1s" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.1t" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.1w" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.1x" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.1y" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.2a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.2s" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.2t" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.12.3a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "17.1.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "17.1.1a" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "17.1.1s" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "17.1.1t" } ] } ] } } ], "details": "A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device.", "id": "CVE-2020-3417", "modified": "2026-03-13T21:47:44.662228085Z", "published": "2020-09-24T18:15:18.730Z", "references": [ { "type": "ADVISORY", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xbace-OnCEbyS" } ], "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }