#VU62353 Active Debug Code in Cisco Systems, Inc products - CVE-2022-20661

Cybersecurity Help s.r.o.

Published: 2022-04-15

Vulnerability identifier: #VU62353

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-20661

CWE-ID: CWE-489

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Cisco IOS
Operating systems & Components / Operating system
Catalyst Digital Building Series Switches
Other software / Other software solutions
Catalyst Micro Switches
Other software / Other software solutions
Cisco Boot Loader
Other software / Other software solutions

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the affected devices have an internal Cisco development boot loader that includes capabilities beyond those present in a normal boot loader. An attacker with physical access can break into the ROM monitor (ROMMON) during the boot cycle and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco IOS: 15.2(5)EX - 15.2(8)E

Catalyst Digital Building Series Switches: All versions

Catalyst Micro Switches: All versions

Cisco Boot Loader: 15.2(7r)E2

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdb-cmicr-vulns-KJjFtNb

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches