fkie_nvd - fkie_cve-2022-20661

fkie_cve-2022-20661

Vulnerability from fkie_nvd

Published

2022-04-15 15:15

Modified

2024-11-21 06:43

Severity ?

4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

References

▶	URL	Tags
	psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdb-cmicr-vulns-KJjFtNb	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdb-cmicr-vulns-KJjFtNb	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios	*
cisco	cdb-8p	-
cisco	cdb-8u	-
cisco	ios	*
cisco	ios	15.2\(8\)e
cisco	cmicr-4pc	-
cisco	cmicr-4ps	-
cisco	cmicr-4pt	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1D314C9-2824-416D-B5E8-D5FA3A75BB21",
              "versionEndExcluding": "15.2\\(7\\)e5",
              "versionStartIncluding": "15.2\\(5\\)ex",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:cdb-8p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EADFD557-FD58-434E-AF80-02E57B9D88FC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:cdb-8u:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C7E5F1-4D51-4622-8375-C78E8665D84A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1D314C9-2824-416D-B5E8-D5FA3A75BB21",
              "versionEndExcluding": "15.2\\(7\\)e5",
              "versionStartIncluding": "15.2\\(5\\)ex",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(8\\)e:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFF00927-80B0-4BE3-BF7C-E663A5E7763A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:cmicr-4pc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA90B732-C0DA-4B96-9989-57BC515D6C9F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:cmicr-4ps:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB744048-0288-4121-9CE5-EB6FD32A7BBC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:cmicr-4pt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "74745F07-B24A-4F2D-AC3A-CB607D5EB0FF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades que afectan a  Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches podr\u00edan permitir a un atacante ejecutar c\u00f3digo persistente en el momento del arranque o impedir permanentemente el arranque del dispositivo, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) permanente. Para m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso"
    }
  ],
  "id": "CVE-2022-20661",
  "lastModified": "2024-11-21T06:43:15.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-15T15:15:12.300",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdb-cmicr-vulns-KJjFtNb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdb-cmicr-vulns-KJjFtNb"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1221"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-665"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-20661 (GCVE-0-2022-20661)

Vulnerability from cvelistv5

Published

2022-04-15 14:16

Modified

2024-11-06 16:25

Severity ?

4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1221

Summary

References

►

URL

Tags

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdb-cmicr-vulns-KJjFtNb

vendor-advisory, x_refsource_CISCO