Active Debug Code in Cisco Systems, Inc products - CVE-2022-20731
Published: April 15, 2022
Vulnerability identifier: #VU62354
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-20731
CWE-ID: CWE-489
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Catalyst Digital Building Series Switches
Cisco Boot Loader
Cisco IOS
Catalyst Digital Building Series Switches
Cisco Boot Loader
Cisco IOS
Detailed vulnerability description
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to the Secure Boot is not properly enabled. An attacker with physical access can load unsigned code and execute arbitrary code on the target system.
How to mitigate CVE-2022-20731
Install updates from vendor's website.