CVE-2022-20944

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches versions prior to 16.11.1

Description A vulnerability in the software image verification functionality could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This issue is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device, potentially allowing the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check. To exploit this vulnerability, the attacker needs either unauthenticated physical access to the device or privileged access to the root shell on the device.

Recommendations For Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches versions prior to 16.11.1, update to a version that includes the fix for this vulnerability, as software updates have been released by Cisco to address this issue. As a temporary workaround, consider restricting physical access to the device and limiting privileged access to the root shell to minimize the risk of exploitation.