7.2
CVE-2022-20677
- EPSS 0.16%
- Published 15.04.2022 15:15:12
- Last modified 21.11.2024 06:43:17
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Ios Version17.6.1
Cisco ≫ 1100-4g Integrated Services Router Version-
Cisco ≫ 1100-6g Integrated Services Router Version-
Cisco ≫ 1101 Integrated Services Router Version-
Cisco ≫ 1109 Integrated Services Router Version-
Cisco ≫ 1111x Integrated Services Router Version-
Cisco ≫ 111x Integrated Services Router Version-
Cisco ≫ 1120 Integrated Services Router Version-
Cisco ≫ 1131 Integrated Services Router Version-
Cisco ≫ 1160 Integrated Services Router Version-
Cisco ≫ 4221 Integrated Services Router Version-
Cisco ≫ 8101-32fh Version-
Cisco ≫ 8101-32h Version-
Cisco ≫ 8102-64h Version-
Cisco ≫ 8201 Version-
Cisco ≫ 8201-32fh Version-
Cisco ≫ 8202 Version-
Cisco ≫ 8800 Version-
Cisco ≫ Asr 1001-x Version-
Cisco ≫ Asr 1002-hx Version-
Cisco ≫ Asr 1006-x Version-
Cisco ≫ Asr 1009-x Version-
Cisco ≫ Asr 900 Version-
Cisco ≫ Asr 9000v-v2 Version-
Cisco ≫ Asr 9001 Version-
Cisco ≫ Asr 9006 Version-
Cisco ≫ Asr 9010 Version-
Cisco ≫ Asr 9901 Version-
Cisco ≫ Asr 9902 Version-
Cisco ≫ Asr 9903 Version-
Cisco ≫ Asr 9904 Version-
Cisco ≫ Asr 9906 Version-
Cisco ≫ Asr 9910 Version-
Cisco ≫ Asr 9912 Version-
Cisco ≫ Asr 9922 Version-
Cisco ≫ Catalyst 3650 Version-
Cisco ≫ Catalyst 3850 Version-
Cisco ≫ Catalyst 8200 Version-
Cisco ≫ Catalyst 8300 Version-
Cisco ≫ Catalyst 8500 Version-
Cisco ≫ Catalyst 8500l Version-
Cisco ≫ Catalyst 9200 Version-
Cisco ≫ Catalyst 9300 Version-
Cisco ≫ Catalyst 9400 Version-
Cisco ≫ Catalyst 9500 Version-
Cisco ≫ Catalyst 9500h Version-
Cisco ≫ Catalyst 9600 Version-
Cisco ≫ Catalyst 9800 Version-
Cisco ≫ Catalyst 9800-40 Version-
Cisco ≫ Catalyst 9800-80 Version-
Cisco ≫ Catalyst 9800-cl Version-
Cisco ≫ Catalyst 9800-l Version-
Cisco ≫ Catalyst Cg418-e Version-
Cisco ≫ Catalyst Cg522-e Version-
Cisco ≫ Catalyst Ess9300 Version-
Cisco ≫ Catalyst Ie3200 Version-
Cisco ≫ Catalyst Ie3300 Version-
Cisco ≫ Catalyst Ie3400 Version-
Cisco ≫ Catalyst Ie9300 Version-
Cisco ≫ Cloud Services Router 1000v Version-
Cisco ≫ Esr3300 Version-
Cisco ≫ Esr6300 Version-
Cisco ≫ 1100-6g Integrated Services Router Version-
Cisco ≫ 1101 Integrated Services Router Version-
Cisco ≫ 1109 Integrated Services Router Version-
Cisco ≫ 1111x Integrated Services Router Version-
Cisco ≫ 111x Integrated Services Router Version-
Cisco ≫ 1120 Integrated Services Router Version-
Cisco ≫ 1131 Integrated Services Router Version-
Cisco ≫ 1160 Integrated Services Router Version-
Cisco ≫ 4221 Integrated Services Router Version-
Cisco ≫ 8101-32fh Version-
Cisco ≫ 8101-32h Version-
Cisco ≫ 8102-64h Version-
Cisco ≫ 8201 Version-
Cisco ≫ 8201-32fh Version-
Cisco ≫ 8202 Version-
Cisco ≫ 8800 Version-
Cisco ≫ Asr 1001-x Version-
Cisco ≫ Asr 1002-hx Version-
Cisco ≫ Asr 1006-x Version-
Cisco ≫ Asr 1009-x Version-
Cisco ≫ Asr 900 Version-
Cisco ≫ Asr 9000v-v2 Version-
Cisco ≫ Asr 9001 Version-
Cisco ≫ Asr 9006 Version-
Cisco ≫ Asr 9010 Version-
Cisco ≫ Asr 9901 Version-
Cisco ≫ Asr 9902 Version-
Cisco ≫ Asr 9903 Version-
Cisco ≫ Asr 9904 Version-
Cisco ≫ Asr 9906 Version-
Cisco ≫ Asr 9910 Version-
Cisco ≫ Asr 9912 Version-
Cisco ≫ Asr 9922 Version-
Cisco ≫ Catalyst 3650 Version-
Cisco ≫ Catalyst 3850 Version-
Cisco ≫ Catalyst 8200 Version-
Cisco ≫ Catalyst 8300 Version-
Cisco ≫ Catalyst 8500 Version-
Cisco ≫ Catalyst 8500l Version-
Cisco ≫ Catalyst 9200 Version-
Cisco ≫ Catalyst 9300 Version-
Cisco ≫ Catalyst 9400 Version-
Cisco ≫ Catalyst 9500 Version-
Cisco ≫ Catalyst 9500h Version-
Cisco ≫ Catalyst 9600 Version-
Cisco ≫ Catalyst 9800 Version-
Cisco ≫ Catalyst 9800-40 Version-
Cisco ≫ Catalyst 9800-80 Version-
Cisco ≫ Catalyst 9800-cl Version-
Cisco ≫ Catalyst 9800-l Version-
Cisco ≫ Catalyst Cg418-e Version-
Cisco ≫ Catalyst Cg522-e Version-
Cisco ≫ Catalyst Ess9300 Version-
Cisco ≫ Catalyst Ie3200 Version-
Cisco ≫ Catalyst Ie3300 Version-
Cisco ≫ Catalyst Ie3400 Version-
Cisco ≫ Catalyst Ie9300 Version-
Cisco ≫ Cloud Services Router 1000v Version-
Cisco ≫ Esr3300 Version-
Cisco ≫ Esr6300 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.375 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| psirt@cisco.com | 5.5 | 1.2 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.