← Back

CVE-2022-20727

nvd nist
Published: Apr 15, 2022Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Affected (214)

Cisco
5 products
Cgr1000 Compute Module
Ic3000 Industrial Compute Gateway
Ios
Ios Xe
Ir510 Operating System
Configuration A
214 vulnerable
Vulnerable SoftwareAffected Versions
Cgr1000 Compute Module
Before 1.15.0.1
Ic3000 Industrial Compute Gateway
Before 1.4.1
Cisco
Ios
Version 15.2(5)e1
Ios
Version 15.2(6)e0a
Ios
Version 15.2(6)e1
Ios
Version 15.2(6)e2a
Ios
Version 15.2(7)e0b
Ios
Version 15.2(7)e0s
Ios
Version 15.2(7)e
Ios
Version 15.6(1)t1
Ios
Version 15.6(1)t2
Ios
Version 15.6(1)t3
Ios
Version 15.6(2)t0a
Ios
Version 15.6(2)t1
Ios
Version 15.6(2)t2
Ios
Version 15.6(2)t3
Ios
Version 15.6(2)t
Ios
Version 15.6(3)m0a
Ios
Version 15.6(3)m1
Ios
Version 15.6(3)m1a
Ios
Version 15.6(3)m1b
Ios
Version 15.6(3)m2
Ios
Version 15.6(3)m2a
Ios
Version 15.6(3)m3
Ios
Version 15.6(3)m3a
Ios
Version 15.6(3)m4
Ios
Version 15.6(3)m5
Ios
Version 15.6(3)m6
Ios
Version 15.6(3)m6a
Ios
Version 15.6(3)m6b
Ios
Version 15.6(3)m7
Ios
Version 15.6(3)m8
Ios
Version 15.6(3)m9
Ios
Version 15.6(3)m
Ios
Version 15.7(3)m0a
Ios
Version 15.7(3)m1
Ios
Version 15.7(3)m2
Ios
Version 15.7(3)m3
Ios
Version 15.7(3)m4
Ios
Version 15.7(3)m4a
Ios
Version 15.7(3)m4b
Ios
Version 15.7(3)m5
Ios
Version 15.7(3)m6
Ios
Version 15.7(3)m7
Ios
Version 15.7(3)m8
Ios
Version 15.7(3)m9
Ios
Version 15.7(3)m
Ios
Version 15.8(3)m0a
Ios
Version 15.8(3)m0b
Ios
Version 15.8(3)m1
Ios
Version 15.8(3)m1a
Ios
Version 15.8(3)m2
Ios
Version 15.8(3)m2a
Ios
Version 15.8(3)m3
Ios
Version 15.8(3)m3a
Ios
Version 15.8(3)m3b
Ios
Version 15.8(3)m4
Ios
Version 15.8(3)m5
Ios
Version 15.8(3)m6
Ios
Version 15.8(3)m7
Ios
Version 15.8(3)m
Ios
Version 15.9(3)m0a
Ios
Version 15.9(3)m1
Ios
Version 15.9(3)m2
Ios
Version 15.9(3)m2a
Ios
Version 15.9(3)m3
Ios
Version 15.9(3)m3a
Ios
Version 15.9(3)m3b
Ios
Version 15.9(3)m4
Ios
Version 15.9(3)m4a
Ios
Version 15.9(3)m
Cisco
Ios Xe
Version 16.10.1
Ios Xe
Version 16.10.1a
Ios Xe
Version 16.10.1b
Ios Xe
Version 16.10.1c
Ios Xe
Version 16.10.1d
Ios Xe
Version 16.10.1e
Ios Xe
Version 16.10.1f
Ios Xe
Version 16.10.1g
Ios Xe
Version 16.10.1s
Ios Xe
Version 16.10.2
Ios Xe
Version 16.10.3
Ios Xe
Version 16.11.1
Ios Xe
Version 16.11.1a
Ios Xe
Version 16.11.1b
Ios Xe
Version 16.11.1c
Ios Xe
Version 16.11.1s
Ios Xe
Version 16.11.2
Ios Xe
Version 16.12.1
Ios Xe
Version 16.12.1a
Ios Xe
Version 16.12.1c
Ios Xe
Version 16.12.1s
Ios Xe
Version 16.12.1t
Ios Xe
Version 16.12.1w
Ios Xe
Version 16.12.1x
Ios Xe
Version 16.12.1y
Ios Xe
Version 16.12.2
Ios Xe
Version 16.12.2a
Ios Xe
Version 16.12.2s
Ios Xe
Version 16.12.2t
Ios Xe
Version 16.12.3
Ios Xe
Version 16.12.3a
Ios Xe
Version 16.12.3s
Ios Xe
Version 16.12.4
Ios Xe
Version 16.12.4a
Ios Xe
Version 16.12.5
Ios Xe
Version 16.12.5a
Ios Xe
Version 16.3.10
Ios Xe
Version 16.3.11
Ios Xe
Version 16.3.1
Ios Xe
Version 16.3.1a
Ios Xe
Version 16.3.2
Ios Xe
Version 16.3.3
Ios Xe
Version 16.3.4
Ios Xe
Version 16.3.5
Ios Xe
Version 16.3.5b
Ios Xe
Version 16.3.6
Ios Xe
Version 16.3.7
Ios Xe
Version 16.3.8
Ios Xe
Version 16.3.9
Ios Xe
Version 16.4.1
Ios Xe
Version 16.4.2
Ios Xe
Version 16.4.3
Ios Xe
Version 16.5.1
Ios Xe
Version 16.5.1a
Ios Xe
Version 16.5.1b
Ios Xe
Version 16.5.2
Ios Xe
Version 16.5.3
Ios Xe
Version 16.6.10
Ios Xe
Version 16.6.1
Ios Xe
Version 16.6.2
Ios Xe
Version 16.6.3
Ios Xe
Version 16.6.4
Ios Xe
Version 16.6.4a
Ios Xe
Version 16.6.4s
Ios Xe
Version 16.6.5
Ios Xe
Version 16.6.5a
Ios Xe
Version 16.6.5b
Ios Xe
Version 16.6.6
Ios Xe
Version 16.6.7
Ios Xe
Version 16.6.7a
Ios Xe
Version 16.6.8
Ios Xe
Version 16.6.9
Ios Xe
Version 16.7.1
Ios Xe
Version 16.7.1a
Ios Xe
Version 16.7.1b
Ios Xe
Version 16.7.2
Ios Xe
Version 16.7.3
Ios Xe
Version 16.7.4
Ios Xe
Version 16.8.1
Ios Xe
Version 16.8.1a
Ios Xe
Version 16.8.1b
Ios Xe
Version 16.8.1c
Ios Xe
Version 16.8.1d
Ios Xe
Version 16.8.1e
Ios Xe
Version 16.8.1s
Ios Xe
Version 16.8.2
Ios Xe
Version 16.8.3
Ios Xe
Version 16.9.1
Ios Xe
Version 16.9.1a
Ios Xe
Version 16.9.1b
Ios Xe
Version 16.9.1c
Ios Xe
Version 16.9.1d
Ios Xe
Version 16.9.1s
Ios Xe
Version 16.9.2
Ios Xe
Version 16.9.2a
Ios Xe
Version 16.9.2s
Ios Xe
Version 16.9.3
Ios Xe
Version 16.9.3a
Ios Xe
Version 16.9.3h
Ios Xe
Version 16.9.3s
Ios Xe
Version 16.9.4
Ios Xe
Version 16.9.4c
Ios Xe
Version 16.9.5
Ios Xe
Version 16.9.5f
Ios Xe
Version 16.9.6
Ios Xe
Version 16.9.7
Ios Xe
Version 16.9.8
Ios Xe
Version 17.1.1
Ios Xe
Version 17.1.1a
Ios Xe
Version 17.1.1s
Ios Xe
Version 17.1.1t
Ios Xe
Version 17.1.2
Ios Xe
Version 17.1.3
Ios Xe
Version 17.2.1
Ios Xe
Version 17.2.1a
Ios Xe
Version 17.2.1r
Ios Xe
Version 17.2.1v
Ios Xe
Version 17.2.2
Ios Xe
Version 17.2.3
Ios Xe
Version 17.3.1
Ios Xe
Version 17.3.1a
Ios Xe
Version 17.3.1w
Ios Xe
Version 17.3.1x
Ios Xe
Version 17.3.1z
Ios Xe
Version 17.3.2
Ios Xe
Version 17.3.2a
Ios Xe
Version 17.3.3
Ios Xe
Version 17.3.3a
Ios Xe
Version 17.3.4
Ios Xe
Version 17.3.4a
Ios Xe
Version 17.3.4b
Ios Xe
Version 17.3.4c
Ios Xe
Version 17.4.1
Ios Xe
Version 17.4.1a
Ios Xe
Version 17.4.1b
Ios Xe
Version 17.4.1c
Ios Xe
Version 17.4.2
Ios Xe
Version 17.4.2a
Ios Xe
Version 17.5.1
Ios Xe
Version 17.5.1a
Ios Xe
Version 17.6.1
Ios Xe
Version 17.6.1a
Ir510 Operating System
Before 6.5.9

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.