#VU62354 Active Debug Code in Cisco Systems, Inc products - CVE-2022-20731
Published: April 15, 2022
Vulnerability identifier: #VU62354
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-20731
CWE-ID: CWE-489
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Catalyst Digital Building Series Switches
Cisco Boot Loader
Cisco IOS
Catalyst Digital Building Series Switches
Cisco Boot Loader
Cisco IOS
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to the Secure Boot is not properly enabled. An attacker with physical access can load unsigned code and execute arbitrary code on the target system.
Remediation
Install updates from vendor's website.