How severe is CVE-2017-12223?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2017-12223?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2017-12223 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027.

Related Vulnerabilities

CVE-2012-0334

MEDIUM

CVSS:6.4(Medium)

Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks

CWE-202012

CVE-2016-8764

MEDIUM

CVSS:6.4(Medium)

The TrustZone driver in Huawei P9 phones with software Versions earlier than EVA-AL10C00B352 and P9 Lite with software VNS-L21C185B130 and earlier versions and P8 Lite with software ALE-L02C636B150 an...

CWE-202016

CVE-2018-18558

MEDIUM

CVSS:6.4(Medium)

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker t...

CWE-202018

CVE-2020-6020

MEDIUM

CVSS:6.4(Medium)

Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privi...

CWE-202020

CVE-2021-1482

MEDIUM

CVSS:6.4(Medium)

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive ...

CWE-202021

CVE-2024-2165

MEDIUM

CVSS:6.4(Medium)

The SEOPress – On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt parameter in all versions up to, and including, 7.5.2.1 due to insufficient input sanitiz...

CWE-202024