Versio.io

CVE-2022-20650

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 23-02-2022 07:15
Last modified: - 08-03-2022 05:04
Total changes: - 3

Description

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
8.8
Base score
2.8
5.9
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=cisco AND product=nx-os AND version=10.2\(1.72\)
OR
vendor=cisco AND product=n9k-c9316d-gx AND version=-
vendor=cisco AND product=n9k-c9332d-gx2b AND version=-
vendor=cisco AND product=n9k-c9348d-gx2a AND version=-
vendor=cisco AND product=n9k-c93600cd-gx AND version=-
vendor=cisco AND product=n9k-c9364d-gx2a AND version=-
vendor=cisco AND product=nexus_3048 AND version=-
vendor=cisco AND product=nexus_31108pc-v AND version=-
vendor=cisco AND product=nexus_31108tc-v AND version=-
vendor=cisco AND product=nexus_31128pq AND version=-
vendor=cisco AND product=nexus_3132c-z AND version=-
vendor=cisco AND product=nexus_3132q-v AND version=-
vendor=cisco AND product=nexus_3132q-x AND version=-
vendor=cisco AND product=nexus_3132q-xl AND version=-
vendor=cisco AND product=nexus_3164q AND version=-
vendor=cisco AND product=nexus_3172pq AND version=-
vendor=cisco AND product=nexus_3172pq-xl AND version=-
vendor=cisco AND product=nexus_3172tq-xl AND version=-
vendor=cisco AND product=nexus_3232c AND version=-
vendor=cisco AND product=nexus_3264c-e AND version=-
vendor=cisco AND product=nexus_3264q AND version=-
vendor=cisco AND product=nexus_3408-s AND version=-
vendor=cisco AND product=nexus_34180yc AND version=-
vendor=cisco AND product=nexus_3432d-s AND version=-
vendor=cisco AND product=nexus_3464c AND version=-
vendor=cisco AND product=nexus_3524-x AND version=-
vendor=cisco AND product=nexus_3524-xl AND version=-
vendor=cisco AND product=nexus_3548-x AND version=-
vendor=cisco AND product=nexus_3548-xl AND version=-
vendor=cisco AND product=nexus_36180yc-r AND version=-
vendor=cisco AND product=nexus_3636c-r AND version=-
vendor=cisco AND product=nexus_92160yc-x AND version=-
vendor=cisco AND product=nexus_92300yc AND version=-
vendor=cisco AND product=nexus_92304qc AND version=-
vendor=cisco AND product=nexus_92348gc-x AND version=-
vendor=cisco AND product=nexus_9236c AND version=-
vendor=cisco AND product=nexus_9272q AND version=-
vendor=cisco AND product=nexus_93108tc-ex AND version=-
vendor=cisco AND product=nexus_93108tc-fx AND version=-
vendor=cisco AND product=nexus_93108tc-fx3p AND version=-
vendor=cisco AND product=nexus_93120tx AND version=-
vendor=cisco AND product=nexus_93180yc-ex AND version=-
vendor=cisco AND product=nexus_93180yc-fx AND version=-
vendor=cisco AND product=nexus_93180yc-fx3 AND version=-
vendor=cisco AND product=nexus_93216tc-fx2 AND version=-
vendor=cisco AND product=nexus_93240yc-fx2 AND version=-
vendor=cisco AND product=nexus_9332c AND version=-
vendor=cisco AND product=nexus_93360yc-fx2 AND version=-
vendor=cisco AND product=nexus_9336c-fx2 AND version=-
vendor=cisco AND product=nexus_9336c-fx2-e AND version=-
vendor=cisco AND product=nexus_9348gc-fxp AND version=-
vendor=cisco AND product=nexus_9364c AND version=-
vendor=cisco AND product=nexus_9364c-gx AND version=-
vendor=cisco AND product=nexus_9504_switch AND version=-
vendor=cisco AND product=nexus_9508_switch AND version=-
vendor=cisco AND product=nexus_9516_switch AND version=-
AND
OR
vendor=cisco AND product=nx-os AND version=7.3\(8\)n1\(0.4\)
OR
vendor=cisco AND product=nexus_5548p AND version=-
vendor=cisco AND product=nexus_5548up AND version=-
vendor=cisco AND product=nexus_5596t AND version=-
vendor=cisco AND product=nexus_5596up AND version=-
vendor=cisco AND product=nexus_56128p AND version=-
vendor=cisco AND product=nexus_5672up AND version=-
vendor=cisco AND product=nexus_5672up-16g AND version=-
vendor=cisco AND product=nexus_6000 AND version=-
vendor=cisco AND product=nexus_6001 AND version=-
vendor=cisco AND product=nexus_6004 AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2022-20650

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.