CVE-2022-20944
Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the boot process of the affected device. To exploit this vulnerability, the attacker needs either unauthenticated physical access to the device or privileged access to the root shell on the device. Note: In Cisco IOS XE Software releases 16.11.1 and later, root shell access is protected by the Consent Token mechanism. However, an attacker with level-15 privileges could easily downgrade the Cisco IOS XE Software running on a device to a release where root shell access is more readily available.
Una vulnerabilidad en la función de verificación de imágenes de software del software Cisco IOS XE para los switches Cisco Catalyst de la serie 9200 podría permitir a un atacante físico no autenticado ejecutar código no firmado en el momento del arranque del sistema. Esta vulnerabilidad es debido a una comprobación inapropiada en la función del código que administra la verificación de las firmas digitales de los archivos de imagen del sistema durante el proceso de arranque inicial. Un atacante podría explotar esta vulnerabilidad al cargar software no firmado en un dispositivo afectado. Una explotación con éxito podría permitir al atacante arrancar una imagen de software malicioso o ejecutar código no firmado y omitir la parte de verificación de la imagen del proceso de arranque del dispositivo afectado. Para explotar esta vulnerabilidad, el atacante necesita un acceso físico no autenticado al dispositivo o un acceso privilegiado al shell root del dispositivo. Nota: En versiones 16.11.1 y posteriores del software Cisco IOS XE, el acceso al shell root está protegido por el mecanismo de token de consentimiento. Sin embargo, un atacante con privilegios de nivel 15 podría fácilmente degradar el software Cisco IOS XE que es ejecutado en un dispositivo a una versión en la que el acceso al shell root está más disponible
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2021-11-02 CVE Reserved
- 2022-10-10 CVE Published
- 2024-03-10 EPSS Updated
- 2024-11-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9200 Search vendor "Cisco" for product "Catalyst 9200" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9200cx Search vendor "Cisco" for product "Catalyst 9200cx" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9200l Search vendor "Cisco" for product "Catalyst 9200l" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200-24p Search vendor "Cisco" for product "Catalyst C9200-24p" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200-24t Search vendor "Cisco" for product "Catalyst C9200-24t" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200-48p Search vendor "Cisco" for product "Catalyst C9200-48p" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200-48t Search vendor "Cisco" for product "Catalyst C9200-48t" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200l-24p-4g Search vendor "Cisco" for product "Catalyst C9200l-24p-4g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200l-24p-4x Search vendor "Cisco" for product "Catalyst C9200l-24p-4x" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200l-24pxg-2y Search vendor "Cisco" for product "Catalyst C9200l-24pxg-2y" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200l-24pxg-4x Search vendor "Cisco" for product "Catalyst C9200l-24pxg-4x" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200l-24t-4g Search vendor "Cisco" for product "Catalyst C9200l-24t-4g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200l-24t-4x Search vendor "Cisco" for product "Catalyst C9200l-24t-4x" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200l-48p-4g Search vendor "Cisco" for product "Catalyst C9200l-48p-4g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200l-48p-4x Search vendor "Cisco" for product "Catalyst C9200l-48p-4x" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200l-48pxg-2y Search vendor "Cisco" for product "Catalyst C9200l-48pxg-2y" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200l-48pxg-4x Search vendor "Cisco" for product "Catalyst C9200l-48pxg-4x" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200l-48t-4g Search vendor "Cisco" for product "Catalyst C9200l-48t-4g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst C9200l-48t-4x Search vendor "Cisco" for product "Catalyst C9200l-48t-4x" | - | - |
Safe
|