First published: Mon Oct 10 2022(Updated: )
A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to read any file or reset the enable password.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS XE ROM Monitor | ||
Cisco Catalyst 3650 | ||
Cisco Catalyst 3650-12X48FD-E | ||
Cisco Catalyst 3650-12x48FD-L | ||
Cisco Catalyst 3650-12x48FD-S | ||
Cisco Catalyst 3650-12x48UQ | ||
Cisco Catalyst 3650-12x48UQ-E | ||
Cisco Catalyst 3650-12X48UQ-L | ||
Cisco Catalyst 3650-12x48UQ-S | ||
Cisco Catalyst 3650-12x48UR | ||
Cisco Catalyst 3650-12X48UR-E | ||
Cisco Catalyst 3650-12X48UR-L | ||
Cisco Catalyst 3650-12x48ur-s | ||
Cisco Catalyst 3650-12X48UZ | ||
Cisco Catalyst 3650-12x48UZ-E | ||
Cisco Catalyst 3650-12x48UZ-L | ||
Cisco Catalyst 3650-12x48uz-s | ||
Cisco Catalyst 3650 24 Port PoE Switch (WS-C3650-24PD) | ||
Cisco Catalyst 3650-24PD-E | ||
Cisco Catalyst 3650-24PD-L | ||
Cisco Catalyst 3650-24PD-S | ||
Cisco Catalyst 3650-24PDM | ||
Cisco Catalyst 3650-24PDM-E | ||
Cisco Catalyst 3650-24PDM-L | ||
Cisco Catalyst 3650-24PDM-S | ||
Cisco Catalyst 3650-24PS-E | ||
Cisco Catalyst 3650-24PS-L | ||
Cisco Catalyst 3650-24PS-S | ||
Cisco Catalyst 3650-24TD-E | ||
Cisco Catalyst 3650-24TD-L | ||
Cisco Catalyst 3650-24TD Switch | ||
Cisco Catalyst 3650-24TS-E | ||
Cisco Catalyst 3650-24TS-L | ||
Cisco Catalyst 3650-24TS-S | ||
Cisco Catalyst 3650-48FD-E | ||
Cisco Catalyst 3650-48FD-L | ||
Cisco Catalyst 3650-48FD-S | ||
Cisco Catalyst 3650-48FQ | ||
Cisco Catalyst 3650-48FQ-E | ||
Cisco Catalyst 3650-48FQ-L | ||
Cisco Catalyst 3650-48FQ-S | ||
Cisco Catalyst 3650-48FQM Switch | ||
Cisco Catalyst 3650-48FQM Switch | ||
Cisco Catalyst 3650-48FQM Switch | ||
Cisco Catalyst 3650-48FQM Switch | ||
Cisco Catalyst 3650-48FS-E | ||
Cisco Catalyst 3650 Series Switch WS-C3650-48FS | ||
Cisco Catalyst 3650 Series Switch WS-C3650-48FS | ||
Cisco Catalyst 3650-48PD-E | ||
Cisco Catalyst 3650-48PD-L | ||
Cisco Catalyst 3650-48PD-S | ||
Cisco Catalyst 3650-48PQ-E | ||
Cisco Catalyst 3650-48PQ-L | ||
Cisco Catalyst 3650-48PQ-S | ||
Cisco Catalyst 3650-48PS-E | ||
Cisco Catalyst 3650-48PS-L | ||
Cisco Catalyst 3650-48PS-S | ||
Cisco Catalyst 3650-48TD-E | ||
Cisco Catalyst 3650-48TD-L | ||
Cisco Catalyst 3650-48TD-S | ||
Cisco Catalyst 3650-48TQ-E | ||
Cisco Catalyst 3650-48TQ-L | ||
Cisco Catalyst 3650-48TQ-S | ||
Cisco Catalyst 3650-48TS Switch | ||
Cisco Catalyst 3650-48TS Switch | ||
Cisco Catalyst 3650-48TS Switch | ||
Cisco Catalyst 3650-8x24PD-E | ||
Cisco Catalyst 3650-8x24PD-L | ||
Cisco Catalyst 3650-8x24PD-S | ||
Cisco Catalyst 3650-8X24UQ | ||
Cisco Catalyst 3650-8x24UQ-E | ||
Cisco Catalyst 3650-8X24UQ | ||
Cisco Catalyst 3650-8X24UQ | ||
Cisco Catalyst 3850 | ||
Cisco Catalyst 3850-12S-E | ||
Cisco Catalyst 3850-12S-S | ||
Cisco Catalyst 3850-12X48U-E | ||
Cisco Catalyst 3850-12XS-E | ||
Cisco Catalyst 3850-12XS-S | ||
Cisco Catalyst 3850-16XS-E | ||
Cisco Catalyst 3850-16XS-S | ||
Cisco Catalyst 3850-24P-E | ||
Cisco Catalyst 3850-24P-L | ||
Cisco Catalyst 3850-24P-S | ||
Cisco Catalyst 3850-24PW-S | ||
Cisco Catalyst 3850-24S-E | ||
Cisco Catalyst 3850-24S-S | ||
Cisco Catalyst 3850-24T-E | ||
Cisco Catalyst 3850-24T-L | ||
Cisco Catalyst 3850-24T-S | ||
Cisco Catalyst 3850-24U | ||
Cisco Catalyst 3850-24U-E | ||
Cisco Catalyst 3850-24U-L | ||
Cisco Catalyst 3850-24U-S | ||
Cisco Catalyst 3850-24XS | ||
Cisco Catalyst 3850-24XS-E | ||
Cisco Catalyst 3850-24XS-S | ||
Cisco Catalyst 3850-24XU | ||
Cisco Catalyst 3850-24XU | ||
Cisco Catalyst 3850-24XU | ||
Cisco Catalyst 3850-24XU | ||
Cisco Catalyst 3850-32XS-E | ||
Cisco Catalyst 3850-32XS-S | ||
Cisco Catalyst 3850-48F-E | ||
Cisco Catalyst 3850-48F-L | ||
Cisco Catalyst 3850-48F-S | ||
Cisco Catalyst 3850-48P-E | ||
Cisco Catalyst 3850-48P-L | ||
Cisco Catalyst 3850-48P-S | ||
Cisco Catalyst 3850-48PW-S | ||
Cisco Catalyst 3850-48T-E | ||
Cisco Catalyst 3850-48T-L | ||
Cisco Catalyst 3850-48T-S | ||
Cisco Catalyst 3850-48U | ||
Cisco Catalyst 3850-48U-E | ||
Cisco Catalyst 3850-48U | ||
Cisco Catalyst 3850-48U-S | ||
Cisco Catalyst 3850-48XS | ||
Cisco Catalyst 3850-48XS-E | ||
Cisco Catalyst 3850-48XS | ||
Cisco Catalyst 3850-48XS | ||
Cisco Catalyst 3850-48XS-S | ||
Cisco Catalyst 3850-NM-2-40G | ||
Cisco Catalyst 3850-NM-8-10G | ||
Cisco Catalyst 9200CX | ||
Cisco Catalyst 9200CX | ||
Cisco Catalyst 9200 Series | ||
Cisco Catalyst 9300 Series | ||
Cisco Catalyst C9300-24P | ||
Cisco Catalyst C9300-24P | ||
Cisco Catalyst 9300 Series | ||
Cisco Catalyst 9300 Series | ||
Cisco Catalyst C9300-24T | ||
Cisco Catalyst C9300-24T | ||
Cisco Catalyst C9300-24U | ||
Cisco Catalyst C9300-24U | ||
Cisco Catalyst 9300-24UX-A | ||
Cisco Catalyst 9300-24UX-E | ||
Cisco Catalyst 9300-48P-A | ||
Cisco Catalyst 9300-48P-E | ||
Cisco Catalyst 9300 Series | ||
Cisco Catalyst 9300 Series | ||
Cisco Catalyst 9300-48T-A | ||
Cisco Catalyst 9300-48T-E | ||
Cisco Catalyst 9300-48U-A | ||
Cisco Catalyst 9300-48U-E | ||
Cisco Catalyst C9300 Series | ||
Cisco Catalyst 9300-48U-E | ||
Cisco Catalyst 9300-48UXM-A | ||
Cisco Catalyst 9300-48UXM-E | ||
Cisco Catalyst 9300L Stack | ||
Cisco Catalyst C9300L-24P-4G | ||
Cisco Catalyst C9300L-24P-4G | ||
Cisco Catalyst 9300L-24P-4X-A | ||
Cisco Catalyst 9300L-24P-4X-E | ||
Cisco Catalyst 9300L-24T-4G | ||
Cisco Catalyst 9300L-24T-4G | ||
Cisco Catalyst 9300L-24T-4X-A | ||
Cisco Catalyst 9300L-24T-4X-E | ||
Cisco Catalyst C9300L-48P-4G | ||
Cisco Catalyst C9300L-48P-4G | ||
Cisco Catalyst C9300L-48P-4X | ||
Cisco Catalyst C9300L-48P-4X | ||
Cisco Catalyst C9300L-48T-4G | ||
Cisco Catalyst C9300L-48T-4G | ||
Cisco Catalyst C9300L-48T-4X | ||
Cisco Catalyst C9300L-48T-4X | ||
Cisco Catalyst 9300L Stack | ||
Cisco Catalyst 9300 Series | ||
Cisco Catalyst 9300X | ||
Cisco Catalyst 9400 | ||
Cisco Catalyst C9407R | ||
Cisco Catalyst C9410R | ||
Cisco Catalyst 9500 Series | ||
Cisco Catalyst 9500H | ||
Cisco Catalyst 9600 | ||
Cisco Catalyst 9600 | ||
Cisco Catalyst c2928-24lt-c | ||
Cisco Catalyst c2928-48tc-c | ||
Cisco Catalyst 3850-12X48U-E | ||
Cisco Catalyst C3850-12X48U-L | ||
Cisco Catalyst 3850-12X48U-S | ||
Cisco Catalyst C9200-24P | ||
Cisco Catalyst C9200-24T | ||
Cisco Catalyst C9200-48P | ||
Cisco Catalyst C9200-48T | ||
Cisco Catalyst C9200L-24P-4G | ||
Cisco Catalyst C9200L-24P-4X | ||
Cisco catalyst c9200l-24pxg-2y | ||
Cisco Catalyst C9200L-24PXG-4X | ||
Cisco Catalyst C9200L-24T-4G | ||
Cisco Catalyst C9200L-24T-4X | ||
Cisco Catalyst C9200L-48P-4G | ||
Cisco Catalyst C9200L-48P-4X | ||
Cisco Catalyst C9200L-48PXG-2Y | ||
Cisco Catalyst C9200L-48PXG-4X | ||
Cisco Catalyst C9200L-48T-4G | ||
Cisco Catalyst C9200L-48T-4X | ||
Cisco Catalyst C9300-24P | ||
Cisco Catalyst C9300-24S | ||
Cisco Catalyst 9300-24T-A | ||
Cisco Catalyst C9300-24U | ||
Cisco Catalyst C9300-24UX | ||
Cisco Catalyst C9300-48P | ||
Cisco Catalyst C9300-48S | ||
Cisco Catalyst C9300-48T | ||
Cisco Catalyst 9300-48U | ||
Cisco Catalyst C9300 Series | ||
Cisco Catalyst C9300-48UXM | ||
Cisco Catalyst C9300L-24P-4G | ||
Cisco Catalyst C9300L-24P-4X | ||
Cisco Catalyst 9300L-24T-4G | ||
Cisco Catalyst C9300L-24T-4X | ||
Cisco Catalyst C9300L-48P-4G | ||
Cisco Catalyst C9300L-48P-4X | ||
Cisco Catalyst C9300L-48T-4G | ||
Cisco Catalyst C9300L-48T-4X | ||
Cisco Catalyst C9404R | ||
Cisco Catalyst C9407R | ||
Cisco Catalyst C9410R | ||
Cisco Catalyst 9500 | ||
Cisco Catalyst C9500-12Q-A | ||
Cisco Catalyst 9500 | ||
Cisco Catalyst 9500 Series | ||
Cisco Catalyst C9500-16X-A | ||
Cisco Catalyst 9500 Series | ||
Cisco Catalyst C9500-24Q | ||
Cisco Catalyst C9500-24Q-A | ||
Cisco Catalyst C9500-24Q-E | ||
Cisco Catalyst C9500-24Y4C | ||
Cisco Catalyst C9500-32C | ||
Cisco Catalyst C9500-32QC | ||
Cisco Catalyst 9500-40X-E | ||
Cisco Catalyst 9500-40X-A | ||
Cisco Catalyst 9500-40X-E | ||
Cisco Catalyst C9500-48Y4C | ||
Cisco Catalyst c9600-lc-24c | ||
Cisco Catalyst 9600 | ||
Cisco Catalyst c9600-lc-48tx | ||
Cisco Catalyst c9600-lc-48yl |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-20864 has been assigned a severity rating of high due to its potential to allow unauthorized configuration recovery.
To fix CVE-2022-20864, upgrade the Cisco IOS XE ROMMON Software to the latest version provided by Cisco.
CVE-2022-20864 affects Cisco Catalyst Switches with IOS XE ROMMON Software, particularly models like the Catalyst 3650 and 3850.
No, CVE-2022-20864 requires local access for an attacker to take advantage of the vulnerability.
Organizations may face unauthorized access to configurations or password resets, which could compromise network security.