SB2022041512 - Multiple vulnerabilities in Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches




Published: April 15, 2022

Security Bulletin ID SB2022041512
Severity Low
Patch available YES
Number of vulnerabilities 2
Exploitation vector Physical access
Highest impact Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Active Debug Code (CVE-ID: CVE-2022-20661)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the affected devices have an internal Cisco development boot loader that includes capabilities beyond those present in a normal boot loader. An attacker with physical access can break into the ROM monitor (ROMMON) during the boot cycle and perform a denial of service (DoS) attack.


2) Active Debug Code (CVE-ID: CVE-2022-20731)

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists because Secure Boot is not properly enabled. An attacker with physical access can load unsigned code and execute arbitrary code on the target system.


Remediation

Install the update from the vendor's website.