A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device.
References
| Link | Resource |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdinj-Gje47EMn | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
22 May 2023, 18:57
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:cisco:isr_1101:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1111x-8p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4351:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1000:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4321:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4000:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1160:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4331:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109-2p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1120:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1111x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-6g:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4221:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4451-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1131:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_111x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4461:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-4g:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4431:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1101-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4451:-:*:*:*:*:*:*:* |
cpe:2.3:h:cisco:4451_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1131_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1111x_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:111x_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4000_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1000_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:* |
27 Oct 2022, 15:47
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-09-30 19:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-20851
Mitre link : CVE-2022-20851
CVE.ORG link : CVE-2022-20851
JSON object : View
Products Affected
cisco
- 4351_integrated_services_router
- 8804
- catalyst_3650-48ts-s
- 1000_integrated_services_router
- 4461_integrated_services_router
- catalyst_3650-12x48fd-e
- catalyst_3850-32xs-e
- catalyst_9300-24s-a
- catalyst_9400_supervisor_engine-1
- catalyst_3650-48fqm-e
- catalyst_9300l-48p-4g-e
- catalyst_9300lm
- catalyst_3650-48fq
- catalyst_9300-48t-e
- catalyst_9300
- asr_1004
- catalyst_3650-24pdm-e
- catalyst_3850-48p-s
- catalyst_3650-12x48uz
- catalyst_3650-48ps-s
- catalyst_3650-48pd-l
- catalyst_9300l-24t-4g-e
- catalyst_3650-24ts-l
- catalyst_3650-24ts-s
- catalyst_8200
- catalyst_9300-24s-e
- 1109_integrated_services_router
- asr_1002_fixed_router
- catalyst_9300l-24p-4g-a
- catalyst_3850-48u-e
- catalyst_3650-24pd-s
- catalyst_3650-48fd-s
- catalyst_3850-12x48u
- catalyst_3650-48pq-l
- catalyst_3850-24p-s
- catalyst_3850
- catalyst_3850-48xs-f-s
- catalyst_9410r
- catalyst_9300l-24t-4x-e
- catalyst_3650-12x48uq
- catalyst_3650-24ps-s
- catalyst_3650-48pq-s
- catalyst_3850-24u
- catalyst_8510csr
- catalyst_3850-48f-l
- catalyst_9300l
- catalyst_3650-12x48uz-l
- catalyst_3650-24pd
- catalyst_3650-24pdm-s
- catalyst_3850-48p-e
- catalyst_9300-24p-e
- catalyst_3850-24pw-s
- catalyst_3850-48f-s
- catalyst_3650-48tq-e
- catalyst_3650-12x48uq-l
- asr_1001-hx
- catalyst_3650-12x48uz-s
- catalyst_3650-8x24uq-l
- catalyst_3850-16xs-e
- catalyst_9500h
- catalyst_9800-80
- 8808
- catalyst_9300l-48t-4g-a
- catalyst_3650-48fqm-s
- catalyst_9800-l-c
- 8800_12-slot
- catalyst_9300-48p-e
- catalyst_8540csr
- catalyst_3650-48fs-l
- 1100-6g_integrated_services_router
- asr_1002-x_r
- 8800_4-slot
- catalyst_3650-48pd-s
- catalyst_3850-48xs-e
- catalyst_3650-48pq-e
- catalyst_9800-40
- asr_1013
- catalyst_9800-cl
- catalyst_9300-24u-e
- catalyst_9407r
- catalyst_3650-48ps-l
- catalyst_3650-48td-s
- catalyst_9200l
- catalyst_9300l-24t-4g-a
- catalyst_8540msr
- catalyst_9200
- 4331_integrated_services_router
- catalyst_3850-48pw-s
- 4431_integrated_services_router
- catalyst_8300-1n1s-4t2x
- catalyst_3850-24xu-s
- asr_1006-x
- catalyst_3850-12xs-s
- 8201
- catalyst_3650-48fq-e
- catalyst_3650-48fs-e
- catalyst_3850-12s-s
- 1109-4p_integrated_services_router
- catalyst_9300-48uxm-a
- catalyst_3850-24xs-e
- asr_1002-hx
- catalyst_9200cx
- 8800_8-slot
- catalyst_8300-1n1s-6t
- ios_xe
- asr_1006
- asr_1001
- catalyst_8500-4qc
- catalyst_9300-48u-e
- catalyst_9300-48un-a
- catalyst_9300l-48t-4g-e
- 1109-2p_integrated_services_router
- catalyst_3650-12x48uz-e
- catalyst_3850-24u-l
- catalyst_8300-2n2s-4t2x
- catalyst_3650-12x48uq-s
- catalyst_3650-48ts-l
- catalyst_3850-48f-e
- 8101-32h
- catalyst_3650-48fd-e
- catalyst_9300l-24p-4x-e
- catalyst_8510msr
- catalyst_8300
- 4451-x_integrated_services_router
- 1100-4g_integrated_services_router
- catalyst_3850-48t-l
- 8800_18-slot
- catalyst_3650
- catalyst_9600x
- 8202
- catalyst_3850-24s-e
- catalyst_3850-nm-2-40g
- catalyst_9300-48uxm-e
- catalyst_9800
- catalyst_3650-8x24pd-s
- 8101-32fh
- catalyst_3850-12s-e
- catalyst_9800-l-f
- catalyst_9300-48t-a
- catalyst_9300-48un-e
- catalyst_3650-12x48fd-s
- catalyst_3650-48fq-l
- 4451_integrated_services_router
- catalyst_3850-24s-s
- catalyst_3850-24u-e
- catalyst_9400
- catalyst_3650-12x48ur-l
- catalyst_3650-48fq-s
- catalyst_8300-2n2s-6t
- catalyst_3650-8x24uq
- catalyst_3850-48xs-s
- asr_1002
- catalyst_9300l-48p-4x-e
- catalyst_3850-48u-l
- 8812
- asr_1002-x
- 8831
- catalyst_3650-12x48ur-e
- 1101_integrated_services_router
- catalyst_9300-24ux-a
- catalyst_3650-24ts-e
- catalyst_9300-48s-a
- catalyst_9300l-24p-4g-e
- catalyst_3850-24xu-e
- catalyst_9300-48u-a
- catalyst_9300l-48t-4x-a
- catalyst_3650-24td-s
- catalyst_3850-48p-l
- catalyst_3650-48td-l
- asr_1023
- catalyst_3650-24pdm
- catalyst_3650-48tq-l
- catalyst_9500
- catalyst_9300-48p-a
- catalyst_3850-24t-s
- catalyst_3650-8x24pd-l
- catalyst_3650-24td-l
- catalyst_3850-48t-s
- 8201-32fh
- catalyst_9300-48s-e
- catalyst_3650-12x48ur
- catalyst_3650-24ps-e
- catalyst_9300l_stack
- catalyst_3850-48t-e
- 1120_integrated_services_router
- catalyst_3850-24p-l
- asr_1001-hx_r
- catalyst_3650-48pd-e
- catalyst_9600_supervisor_engine-1
- asr_1009-x
- catalyst_3850-24xu
- 1111x_integrated_services_router
- 4000_integrated_services_router
- catalyst_3650-48tq-s
- catalyst_3650-8x24pd-e
- catalyst_3850-24p-e
- catalyst_9300-24ux-e
- catalyst_3650-24ps-l
- catalyst_3850-24xs
- catalyst_9300l-48p-4g-a
- catalyst_9300l-48p-4x-a
- catalyst_3650-24pd-e
- catalyst_3650-8x24uq-e
- catalyst_3850-24t-l
- asr_1000-x
- catalyst_3650-48td-e
- catalyst_3650-12x48uq-e
- catalyst_3850-24t-e
- catalyst_3850-48xs-f-e
- catalyst_8500
- catalyst_8500l
- 1100-8p_integrated_services_router
- catalyst_3650-24td-e
- catalyst_3850-48xs
- catalyst_3650-8x24uq-s
- catalyst_3650-48ps-e
- catalyst_9300l-48t-4x-e
- asr_1001-x
- catalyst_3650-48fs-s
- 1100_integrated_services_router
- catalyst_3650-48fqm
- catalyst_3650-48fqm-l
- catalyst_3850-16xs-s
- catalyst_9300-24t-a
- catalyst_9300l-24p-4x-a
- catalyst_3850-nm-8-10g
- 1160_integrated_services_router
- 1111x-8p_integrated_services_router
- 1100-4p_integrated_services_router
- catalyst_9300-24u-a
- 1101-4p_integrated_services_router
- 4221_integrated_services_router
- catalyst_3650-48ts-e
- catalyst_3650-48fd-l
- catalyst_3650-24pd-l
- catalyst_3650-12x48ur-s
- catalyst_3850-24xu-l
- 8818
- asr_1002-hx_r
- catalyst_3650-12x48fd-l
- 8102-64h
- asr_1001-x_r
- 4321_integrated_services_router
- catalyst_3850-32xs-s
- catalyst_9300x
- 1131_integrated_services_router
- catalyst_3650-24pdm-l
- catalyst_3850-24u-s
- catalyst_9300l-24t-4x-a
- catalyst_9300-24t-e
- 111x_integrated_services_router
- catalyst_3850-48u
- catalyst_9300-24p-a
- catalyst_9600
- catalyst_3850-48u-s
- catalyst_3850-24xs-s
- catalyst_9800-l
- catalyst_3850-12xs-e
- asr_1000-esp100