7.9
CVE-2022-20855
- EPSS 0.18%
- Published 30.09.2022 19:15:12
- Last modified 21.11.2024 06:43:41
- Source psirt@cisco.com
A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.
Data provided by the National Vulnerability Database (NVD)
Cisco ≫ IOS XE Version 17.6.1
Cisco ≫ Catalyst 9105 Version-
Cisco ≫ Catalyst 9105axi Version-
Cisco ≫ Catalyst 9105axw Version-
Cisco ≫ Catalyst 9115 Version-
Cisco ≫ Catalyst 9115 Ap Version-
Cisco ≫ Catalyst 9115axe Version-
Cisco ≫ Catalyst 9115axi Version-
Cisco ≫ Catalyst 9117 Version-
Cisco ≫ Catalyst 9117 Ap Version-
Cisco ≫ Catalyst 9117axi Version-
Cisco ≫ Catalyst 9120 Version-
Cisco ≫ Catalyst 9120 Ap Version-
Cisco ≫ Catalyst 9120axe Version-
Cisco ≫ Catalyst 9120axi Version-
Cisco ≫ Catalyst 9120axp Version-
Cisco ≫ Catalyst 9124 Version-
Cisco ≫ Catalyst 9124axd Version-
Cisco ≫ Catalyst 9124axi Version-
Cisco ≫ Catalyst 9130 Version-
Cisco ≫ Catalyst 9130 Ap Version-
Cisco ≫ Catalyst 9130axe Version-
Cisco ≫ Catalyst 9130axi Version-
Cisco ≫ Catalyst 9800 Version-
Cisco ≫ Catalyst 9800-40 Version-
Cisco ≫ Catalyst 9800-80 Version-
Cisco ≫ Catalyst 9800-cl Version-
Cisco ≫ Catalyst 9800-l Version-
Cisco ≫ Catalyst 9800-l-c Version-
Cisco ≫ Catalyst 9800-l-f Version-
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.18% | 0.403 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
psirt@cisco.com | 7.9 | 1.5 | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.