CVE-2022-20944: Improper Verification of Cryptographic Signature in Cisco IOS XE Software

Severity
NVD: 6.8 MEDIUM
CNA: 6.1
EPSS: 0.1% (top 71.58%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 10
Latest update: Oct 11

Description

A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Exploitability: 0.9 | Impact: 5.9)

Affected Packages (1 package)

Vulnerability Details (2)

GHSA: GHSA-854x-2jm6-mvwp: A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unaut (2022-10-11)
CVEList: Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution Vulnerability (2022-10-10)

Vendor Advisories (1)

Cisco: Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution Vulnerability (2022-09-28)
CVE-2022-20944 — Cisco IOS XE Software vulnerability | cvebase