CVE-2022-20677

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS v3 5.5 MEDIUM
CVSS v2.0 7.2 HIGH

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ios:17.6.1:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1120_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1131_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1160_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:8101-32fh:-:::::::*
	cpe:2.3:h:cisco:8101-32h:-:::::::*
	cpe:2.3:h:cisco:8102-64h:-:::::::*
	cpe:2.3:h:cisco:8201:-:::::::*
	cpe:2.3:h:cisco:8201-32fh:-:::::::*
	cpe:2.3:h:cisco:8202:-:::::::*
	cpe:2.3:h:cisco:8800:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1006-x:-:::::::*
	cpe:2.3:h:cisco:asr_1009-x:-:::::::*
	cpe:2.3:h:cisco:asr_900:-:::::::*
	cpe:2.3:h:cisco:asr_9000v-v2:-:::::::*
	cpe:2.3:h:cisco:asr_9001:-:::::::*
	cpe:2.3:h:cisco:asr_9006:-:::::::*
	cpe:2.3:h:cisco:asr_9010:-:::::::*
	cpe:2.3:h:cisco:asr_9901:-:::::::*
	cpe:2.3:h:cisco:asr_9902:-:::::::*
	cpe:2.3:h:cisco:asr_9903:-:::::::*
	cpe:2.3:h:cisco:asr_9904:-:::::::*
	cpe:2.3:h:cisco:asr_9906:-:::::::*
	cpe:2.3:h:cisco:asr_9910:-:::::::*
	cpe:2.3:h:cisco:asr_9912:-:::::::*
	cpe:2.3:h:cisco:asr_9922:-:::::::*
	cpe:2.3:h:cisco:catalyst_3650:-:::::::*
	cpe:2.3:h:cisco:catalyst_3850:-:::::::*
	cpe:2.3:h:cisco:catalyst_8200:-:::::::*
	cpe:2.3:h:cisco:catalyst_8300:-:::::::*
	cpe:2.3:h:cisco:catalyst_8500:-:::::::*
	cpe:2.3:h:cisco:catalyst_8500l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9200:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300:-:::::::*
	cpe:2.3:h:cisco:catalyst_9400:-:::::::*
	cpe:2.3:h:cisco:catalyst_9500:-:::::::*
	cpe:2.3:h:cisco:catalyst_9500h:-:::::::*
	cpe:2.3:h:cisco:catalyst_9600:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
	cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
	cpe:2.3:h:cisco:catalyst_cg418-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_cg522-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_ess9300:-:::::::*
	cpe:2.3:h:cisco:catalyst_ie3200:-:::::::*
	cpe:2.3:h:cisco:catalyst_ie3300:-:::::::*
	cpe:2.3:h:cisco:catalyst_ie3400:-:::::::*
	cpe:2.3:h:cisco:catalyst_ie9300:-:::::::*
	cpe:2.3:h:cisco:cloud_services_router_1000v:-:::::::*
	cpe:2.3:h:cisco:esr3300:-:::::::*
	cpe:2.3:h:cisco:esr6300:-:::::::*

History

21 Nov 2024, 06:43

Type	Values Removed	Values Added
CVSS	v2 : ~~7.2~~ v3 : ~~6.7~~	v2 : 7.2 v3 : 5.5
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj - Vendor Advisory

22 May 2023, 18:57

Type	Values Removed	Values Added
CPE	cpe:2.3:h:cisco:isr_1101:-:::::::* cpe:2.3:h:cisco:isr_1120:-:::::::* cpe:2.3:h:cisco:isr_1111x:-:::::::* cpe:2.3:h:cisco:isr_1100-4g:-:::::::* cpe:2.3:h:cisco:isr_1100-6g:-:::::::* cpe:2.3:h:cisco:isr_1160:-:::::::* cpe:2.3:h:cisco:isr_4221:-:::::::* cpe:2.3:h:cisco:isr_111x:-:::::::* cpe:2.3:h:cisco:isr_1131:-:::::::* cpe:2.3:h:cisco:isr_1109:-:::::::*	cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1160_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1131_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1109_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1120_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1111x_integrated_services_router:-:::::::* cpe:2.3:h:cisco:111x_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1101_integrated_services_router:-:::::::* cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*

25 Apr 2022, 15:06

Type	Values Removed	Values Added
CWE		CWE-326
References	~~(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj -~~	(CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 6.7
CPE		cpe:2.3:h:cisco:catalyst_ie3200:-:::::::* cpe:2.3:h:cisco:isr_1100-4g:-:::::::* cpe:2.3:h:cisco:catalyst_cg418-e:-:::::::* cpe:2.3:h:cisco:8201-32fh:-:::::::* cpe:2.3:h:cisco:catalyst_8500l:-:::::::* cpe:2.3:h:cisco:catalyst_9800:-:::::::* cpe:2.3:h:cisco:asr_9912:-:::::::* cpe:2.3:h:cisco:catalyst_9800-l:-:::::::* cpe:2.3:h:cisco:8202:-:::::::* cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::* cpe:2.3:h:cisco:isr_1111x:-:::::::* cpe:2.3:h:cisco:asr_9910:-:::::::* cpe:2.3:h:cisco:catalyst_9200:-:::::::* cpe:2.3:h:cisco:8102-64h:-:::::::* cpe:2.3:h:cisco:asr_9001:-:::::::* cpe:2.3:h:cisco:cloud_services_router_1000v:-:::::::* cpe:2.3:h:cisco:asr_1009-x:-:::::::* cpe:2.3:h:cisco:catalyst_9300:-:::::::* cpe:2.3:h:cisco:8101-32h:-:::::::* cpe:2.3:h:cisco:esr6300:-:::::::* cpe:2.3:h:cisco:catalyst_9500:-:::::::* cpe:2.3:h:cisco:catalyst_9500h:-:::::::* cpe:2.3:h:cisco:asr_1001-x:-:::::::* cpe:2.3:h:cisco:catalyst_ie3300:-:::::::* cpe:2.3:h:cisco:8101-32fh:-:::::::* cpe:2.3:h:cisco:asr_9902:-:::::::* cpe:2.3:h:cisco:catalyst_9600:-:::::::* cpe:2.3:h:cisco:isr_1101:-:::::::* cpe:2.3:h:cisco:isr_1109:-:::::::* cpe:2.3:h:cisco:asr_900:-:::::::* cpe:2.3:h:cisco:catalyst_8300:-:::::::* cpe:2.3:h:cisco:esr3300:-:::::::* cpe:2.3:h:cisco:asr_1006-x:-:::::::* cpe:2.3:h:cisco:catalyst_8500:-:::::::* cpe:2.3:h:cisco:catalyst_ie9300:-:::::::* cpe:2.3:h:cisco:isr_1160:-:::::::* cpe:2.3:h:cisco:asr_1002-hx:-:::::::* cpe:2.3:h:cisco:catalyst_9400:-:::::::* cpe:2.3:h:cisco:isr_1120:-:::::::* cpe:2.3:h:cisco:asr_9901:-:::::::* cpe:2.3:h:cisco:8201:-:::::::* cpe:2.3:h:cisco:asr_9000v-v2:-:::::::* cpe:2.3:h:cisco:isr_1131:-:::::::* cpe:2.3:o:cisco:ios:17.6.1:::::::* cpe:2.3:h:cisco:8800:-:::::::* cpe:2.3:h:cisco:isr_111x:-:::::::* cpe:2.3:h:cisco:asr_9906:-:::::::* cpe:2.3:h:cisco:asr_9010:-:::::::* cpe:2.3:h:cisco:catalyst_8200:-:::::::* cpe:2.3:h:cisco:catalyst_3650:-:::::::* cpe:2.3:h:cisco:catalyst_ie3400:-:::::::* cpe:2.3:h:cisco:asr_9922:-:::::::* cpe:2.3:h:cisco:catalyst_cg522-e:-:::::::* cpe:2.3:h:cisco:isr_4221:-:::::::* cpe:2.3:h:cisco:asr_9006:-:::::::* cpe:2.3:h:cisco:catalyst_ess9300:-:::::::* cpe:2.3:h:cisco:asr_9903:-:::::::* cpe:2.3:h:cisco:catalyst_3850:-:::::::* cpe:2.3:h:cisco:catalyst_9800-40:-:::::::* cpe:2.3:h:cisco:asr_9904:-:::::::* cpe:2.3:h:cisco:isr_1100-6g:-:::::::* cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*

15 Apr 2022, 15:22

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-04-15 15:15

Updated : 2024-11-21 06:43

NVD link : CVE-2022-20677

Mitre link : CVE-2022-20677

CVE.ORG link : CVE-2022-20677

JSON object : View

Products Affected

cisco

catalyst_8500l
esr6300
asr_1009-x
catalyst_cg522-e
catalyst_ie3300
1160_integrated_services_router
esr3300
catalyst_9400
catalyst_9800-80
catalyst_9800-40
111x_integrated_services_router
asr_9010
catalyst_3850
asr_9001
catalyst_9800-l
asr_900
catalyst_ie3200
asr_9901
8201-32fh
asr_9903
catalyst_9300
asr_9904
1120_integrated_services_router
1131_integrated_services_router
asr_1002-hx
catalyst_8500
catalyst_9800
catalyst_9800-cl
8202
asr_9906
catalyst_9200
asr_9902
catalyst_ess9300
asr_9910
catalyst_8300
asr_1001-x
catalyst_3650
catalyst_9500h
catalyst_ie9300
asr_9006
4221_integrated_services_router
ios
1109_integrated_services_router
asr_9000v-v2
1101_integrated_services_router
catalyst_9600
8800
8101-32fh
8102-64h
1100-6g_integrated_services_router
catalyst_cg418-e
asr_9922
8101-32h
asr_9912
catalyst_9500
cloud_services_router_1000v
asr_1006-x
8201
catalyst_ie3400
1111x_integrated_services_router
1100-4g_integrated_services_router
catalyst_8200

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-326

Inadequate Encryption Strength

5.5 /10