PT-2022-6312 · Cisco · Cisco IOS XE ROM Monitor (ROMMON)

Published: 2022-09-28 · Updated: 2022-10-13 · CVE-2022-20864

CVSS v3.1: 4.6 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches (affected versions not specified)

Description: Insufficiently restrictive permissions on files and boot variables in ROMMON could allow an unauthenticated, local attacker to recover the device configuration or reset the enable password. The issue can be exploited by rebooting the switch into ROMMON and entering specific commands through the console, which could let the attacker read any file on the device or reset the enable password.

Recommendations: Cisco has released software updates that address this vulnerability; update Cisco IOS XE ROM Monitor (ROMMON) Software to a version that includes the fix. No workarounds that address this vulnerability are known at the time of publication.

Related Identifiers

BDU:2023-00824
CVE-2022-20864

Affected Products

Cisco IOS XE ROM Monitor (ROMMON)
Cisco IOS XE