#VU67740 File and Directory Information Exposure in Cisco Systems, Inc products - CVE-2022-20864
Published: September 29, 2022
Vulnerability identifier: #VU67740
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-20864
CWE-ID: CWE-538
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Catalyst 3600 Series Switches
Catalyst 3800 Series Switches
Catalyst 9200 Series Switches
Catalyst 9300 Series Switches
Catalyst 9400 Series Switches
Catalyst 9500 Series Switches
Catalyst 9600 Series Switches
Cisco IOS XE ROM Monitor
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to a problem with the file and boot variable permissions in the password-recovery disable feature. An attacker with physical access can gain unauthorized access to sensitive information on the system.
Remediation
Install updates from the vendor's website.