CVE-2017-12223

Name of the Vulnerable Software and Affected Versions Cisco IR800 Integrated Services Router Software (affected versions not specified)

Description A vulnerability in the ROM Monitor (ROMMON) code could allow an unauthenticated, local attacker to compromise the integrity of the system by booting an unsigned Hypervisor on an affected device. The issue is due to insufficient sanitization of user input. An attacker with console access to an affected router could exploit this by entering ROMMON mode and modifying ROMMON variables, potentially allowing the execution of arbitrary code and the installation of malicious Hypervisor firmware.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.