CVE-2022-20661

MEDIUM

Cisco Catalyst - Code Injection

Title source: llm

Description

Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdb-cmicr-vulns-KJjFtNb

Scores

CVSS v3 4.6

EPSS 0.0033

EPSS Percentile 55.8%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-665 CWE-1221

Status published

Products (2)

cisco/ios 15.2\(8\)e

cisco/ios 15.2\(5\)ex - 15.2\(7\)e5

Published Apr 15, 2022

Tracked Since Feb 18, 2026