Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2022-20661 CVE-2022-20731 |
CWE-ID | CWE-489 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Cisco IOS Operating systems & Components / Operating system Catalyst Digital Building Series Switches Other software / Other software solutions Catalyst Micro Switches Other software / Other software solutions Cisco Boot Loader Other software / Other software solutions |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU62353
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20661
CWE-ID:
CWE-489 - Active Debug Code
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the affected devices have an internal Cisco development boot loader that includes capabilities beyond those present in a normal boot loader. An attacker with physical access can break into the ROM monitor (ROMMON) during the boot cycle and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco IOS: 15.2(8)E - 15.2.7 E
Catalyst Digital Building Series Switches: All versions
Catalyst Micro Switches: All versions
Cisco Boot Loader: 15.2(7r)E2
External linksQ & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62354
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20731
CWE-ID:
CWE-489 - Active Debug Code
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to the Secure Boot is not properly enabled. An attacker with physical access can load unsigned code and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCatalyst Digital Building Series Switches: All versions
Cisco IOS: 15.2.5 EX - 15.2.7 E
Cisco Boot Loader: 15.2(7r)E2
External linksQ & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.