CVE-2022-20725
CVSS 3.1 base score: 4.8
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 / Impact: 2.7
Source: NVD
Description
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
Affected (215)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| Version 15.2(5)e1 | |
| Version 16.10.1 | |
| All versions | |

| Running on/with | Platform Versions |
|---|---|
| Cisco 800m Integrated Services Router | All versions |
| Cisco 807 Industrial Integrated Services Router | All versions |
| Cisco 812 3g Integrated Services Router | All versions |
| Cisco 812 Cifi Integrated Services Router | All versions |
| Cisco 819 Hardened Dual Radio 802.11n Wifi Integrated Services Router | All versions |
| Cisco 819 Hardened Integrated Services Router | All versions |
| Cisco 829 Industrial Integrated Services Router | All versions |
| Cisco 860vae W Integrated Services Router | All versions |
| Cisco 861 Integrated Services Router | All versions |
| Cisco 861w Integrated Services Router | All versions |
| Cisco 866vae Integrated Services Router | All versions |
| Cisco 867 Integrated Services Router | All versions |
| Cisco 867vae Integrated Services Router | All versions |
| Cisco 880 Voice Integrated Services Router | All versions |
| Cisco 880 3g Integrated Services Router | All versions |
| Cisco 881 Cube Integrated Services Router | All versions |
| Cisco 881 3g Integrated Services Router | All versions |
| Cisco 881 Integrated Services Router | All versions |
| Cisco 881w Integrated Services Router | All versions |
| Cisco 886 Integrated Services Router | All versions |
| Cisco 886va Cube Integrated Services Router | All versions |
| Cisco 886va W Integrated Services Router | All versions |
| Cisco 886va Integrated Services Router | All versions |
| Cisco 886vag 3g Integrated Services Router | All versions |
| Cisco 887 Integrated Services Router | All versions |
| Cisco 887v Integrated Services Router | All versions |
| Cisco 887va Cube Integrated Services Router | All versions |
| Cisco 887va W Integrated Services Router | All versions |
| Cisco 887va Integrated Services Router | All versions |
| Cisco 887vag 3g Integrated Services Router | All versions |
| Cisco 887vam W Integrated Services Router | All versions |
| Cisco 887vamg 3g Integrated Services Router | All versions |
| Cisco 888 Cube Integrated Services Router | All versions |
| Cisco 888 Integrated Services Router | All versions |
| Cisco 888e Cube Integrated Services Router | All versions |
| Cisco 888e Integrated Services Router | All versions |
| Cisco 888eg 3g Integrated Services Router | All versions |
| Cisco 888w Integrated Services Router | All versions |
| Cisco 891 24x Integrated Services Router | All versions |
| Cisco 891 Integrated Services Router | All versions |
| Cisco 891w Integrated Services Router | All versions |
| Cisco 892 Integrated Services Router | All versions |
| Cisco 892f Cube Integrated Services Router | All versions |
| Cisco 892w Integrated Services Router | All versions |
| Cisco Cgr 1000 | All versions |
| Cisco Cgr 1120 | All versions |
| Cisco Cgr 1240 | All versions |
| Cisco Ic3000 Industrial Compute Gateway | All versions |
| Cisco Ie 4000 16gt4g E Industrial Ethernet Switch | All versions |
| Cisco Ie 4000 16t4g E Industrial Ethernet Switch | All versions |
| Cisco Ie 4000 4gc4gp4g E Industrial Ethernet Switch | All versions |
| Cisco Ie 4000 4gs8gp4g E Industrial Ethernet Switch | All versions |
| Cisco Ie 4000 4s8p4g E Industrial Ethernet Switch | All versions |
| Cisco Ie 4000 4t4p4g E Industrial Ethernet Switch | All versions |
| Cisco Ie 4000 4tc4g E Industrial Ethernet Switch | All versions |
| Cisco Ie 4000 8gs4g E Industrial Ethernet Switch | All versions |
| Cisco Ie 4000 8gt4g E Industrial Ethernet Switch | All versions |
| Cisco Ie 4000 8gt8gp4g E Industrial Ethernet Switch | All versions |
| Cisco Ie 4000 8s4g E Industrial Ethernet Switch | All versions |
| Cisco Ie 4000 8t4g E Industrial Ethernet Switch | All versions |
| Cisco Ie 4010 16s12p Industrial Ethernet Switch | All versions |
| Cisco Ie 4010 4s24p Industrial Ethernet Switch | All versions |
| Cisco Ir510 Wpan | All versions |
Related CWEs
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
References (4)
Source: psirt@cisco.com
Third Party Advisory
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory