CVE-2022-20855
6.7
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.
Affected (1)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 17.6.1 |

| Running on/with | Platform Versions |
|---|---|
| Cisco Catalyst 9105 | All versions |
| Cisco Catalyst 9105axi | All versions |
| Cisco Catalyst 9105axw | All versions |
| Cisco Catalyst 9115 | All versions |
| Cisco Catalyst 9115 Ap | All versions |
| Cisco Catalyst 9115axe | All versions |
| Cisco Catalyst 9115axi | All versions |
| Cisco Catalyst 9117 | All versions |
| Cisco Catalyst 9117 Ap | All versions |
| Cisco Catalyst 9117axi | All versions |
| Cisco Catalyst 9120 | All versions |
| Cisco Catalyst 9120 Ap | All versions |
| Cisco Catalyst 9120axe | All versions |
| Cisco Catalyst 9120axi | All versions |
| Cisco Catalyst 9120axp | All versions |
| Cisco Catalyst 9124 | All versions |
| Cisco Catalyst 9124axd | All versions |
| Cisco Catalyst 9124axi | All versions |
| Cisco Catalyst 9130 | All versions |
| Cisco Catalyst 9130 Ap | All versions |
| Cisco Catalyst 9130axe | All versions |
| Cisco Catalyst 9130axi | All versions |
| Cisco Catalyst 9800 | All versions |
| Cisco Catalyst 9800 40 | All versions |
| Cisco Catalyst 9800 80 | All versions |
| Cisco Catalyst 9800 Cl | All versions |
| Cisco Catalyst 9800 L | All versions |
| Cisco Catalyst 9800 L C | All versions |
| Cisco Catalyst 9800 L F | All versions |
Related CWEs
CWE-266
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
References (2)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK
Source: psirt@cisco.com
Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory