CVE-2022-20731 — Incorrect Register Defaults or Module Parameters in Cisco Catalyst Digital Building Series Switches Firmware

CWE-1221 — Incorrect Register Defaults or Module Parameters CWE-665 — Improper Initialization CWE-489 — Active Debug Code4 documents4 sources

Severity

6.8MEDIUMNVD

CNA4.6

EPSS

0.1%

top 74.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Catalyst Digital Building Series Switches Firmware Cisco IOS Rommon Software

Timeline

PublishedApr 15

Latest updateApr 16

Description

Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/catalyst_digital_building_series_switches_firmware15.2\(7\)e

▶CVEListV5cisco/cisco_ios_rommon_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-r38r-g64f-728h: Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to exec↗2022-04-16

▶

CVEList

Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities↗2022-04-15

▶

📋Vendor Advisories

Cisco

Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities↗2022-04-13

▶