Main Vulnerability Database Vulnerabilities #VU67726

Improper Verification of Cryptographic Signature in Cisco IOS XE and Catalyst 9200 Series Switches - CVE-2022-20944

Published: September 29, 2022

Vulnerability identifier: #VU67726

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-20944

CWE-ID: CWE-347

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS XE
Catalyst 9200 Series Switches

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker with physical access can load unsigned software and execute arbitrary code on the target system.

Remediation

Install updates from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-cat-verify-D4NEQA6q

Improper Verification of Cryptographic Signature in Cisco IOS XE and Catalyst 9200 Series Switches - CVE-2022-20944

Description

Remediation

External links

Please verify you're human