CVE-2022-20665

Published: Apr 6, 2022Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.

Affected (2)

Products: Cisco: Staros

1 product

Configuration A

2 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Cisco Staros	Before 21.22.n6
Cisco Staros	From 21.23.0 to 21.23.n7

Running on/with	Platform Versions
Cisco Asr 5500	All versions
Cisco Asr 5700	All versions
Cisco Ultra Cloud Core	All versions

Related CWEs

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-cmdinj-759mNT4n

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.