Active Debug Code in Cisco Systems, Inc products - CVE-2022-20731

 

Active Debug Code in Cisco Systems, Inc products - CVE-2022-20731

Published: April 15, 2022


Vulnerability identifier: #VU62354
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-20731
CWE-ID: CWE-489
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Catalyst Digital Building Series Switches
Cisco Boot Loader
Cisco IOS

Detailed vulnerability description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to the Secure Boot is not properly enabled. An attacker with physical access can load unsigned code and execute arbitrary code on the target system.


How to mitigate CVE-2022-20731

Install updates from vendor's website.

Sources