CVE-2022-20677
CVSS 3.1 base score: 6.7
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
Affected (1)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
|  | Version 17.6.1 |

| Running on/with | Platform Versions |
|---|---|
| Cisco 1100 4g Integrated Services Router | All versions |
| Cisco 1100 6g Integrated Services Router | All versions |
| Cisco 1101 Integrated Services Router | All versions |
| Cisco 1109 Integrated Services Router | All versions |
| Cisco 1111x Integrated Services Router | All versions |
| Cisco 111x Integrated Services Router | All versions |
| Cisco 1120 Integrated Services Router | All versions |
| Cisco 1131 Integrated Services Router | All versions |
| Cisco 1160 Integrated Services Router | All versions |
| Cisco 4221 Integrated Services Router | All versions |
| Cisco 8101 32fh | All versions |
| Cisco 8101 32h | All versions |
| Cisco 8102 64h | All versions |
| Cisco 8201 | All versions |
| Cisco 8201 32fh | All versions |
| Cisco 8202 | All versions |
| Cisco 8800 | All versions |
| Cisco Asr 1001 X | All versions |
| Cisco Asr 1002 Hx | All versions |
| Cisco Asr 1006 X | All versions |
| Cisco Asr 1009 X | All versions |
| Cisco Asr 900 | All versions |
| Cisco Asr 9000v V2 | All versions |
| Cisco Asr 9001 | All versions |
| Cisco Asr 9006 | All versions |
| Cisco Asr 9010 | All versions |
| Cisco Asr 9901 | All versions |
| Cisco Asr 9902 | All versions |
| Cisco Asr 9903 | All versions |
| Cisco Asr 9904 | All versions |
| Cisco Asr 9906 | All versions |
| Cisco Asr 9910 | All versions |
| Cisco Asr 9912 | All versions |
| Cisco Asr 9922 | All versions |
| Cisco Catalyst 3650 | All versions |
| Cisco Catalyst 3850 | All versions |
| Cisco Catalyst 8200 | All versions |
| Cisco Catalyst 8300 | All versions |
| Cisco Catalyst 8500 | All versions |
| Cisco Catalyst 8500l | All versions |
| Cisco Catalyst 9200 | All versions |
| Cisco Catalyst 9300 | All versions |
| Cisco Catalyst 9400 | All versions |
| Cisco Catalyst 9500 | All versions |
| Cisco Catalyst 9500h | All versions |
| Cisco Catalyst 9600 | All versions |
| Cisco Catalyst 9800 | All versions |
| Cisco Catalyst 9800 40 | All versions |
| Cisco Catalyst 9800 80 | All versions |
| Cisco Catalyst 9800 Cl | All versions |
| Cisco Catalyst 9800 L | All versions |
| Cisco Catalyst Cg418 E | All versions |
| Cisco Catalyst Cg522 E | All versions |
| Cisco Catalyst Ess9300 | All versions |
| Cisco Catalyst Ie3200 | All versions |
| Cisco Catalyst Ie3300 | All versions |
| Cisco Catalyst Ie3400 | All versions |
| Cisco Catalyst Ie9300 | All versions |
| Cisco Cloud Services Router 1000v | All versions |
| Cisco Esr3300 | All versions |
| Cisco Esr6300 | All versions |
Related CWEs
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-326
Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory