CVE-2022-20677

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 15-04-2022 05:15

Last modified: - 25-04-2022 05:06

Total changes: - 2

Description

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

High

Privileges required

Unchanged

Scope

None

User interaction

6.7

Base score

0.8

5.9

Exploitability score

Impact score

Verification logic

AND

vendor=cisco AND product=ios AND version=17.6.1

vendor=cisco AND product=8101-32fh AND version=-

vendor=cisco AND product=8101-32h AND version=-

vendor=cisco AND product=8102-64h AND version=-

vendor=cisco AND product=8201 AND version=-

vendor=cisco AND product=8201-32fh AND version=-

vendor=cisco AND product=8202 AND version=-

vendor=cisco AND product=8800 AND version=-

vendor=cisco AND product=asr_1001-x AND version=-

vendor=cisco AND product=asr_1002-hx AND version=-

vendor=cisco AND product=asr_1006-x AND version=-

vendor=cisco AND product=asr_1009-x AND version=-

vendor=cisco AND product=asr_900 AND version=-

vendor=cisco AND product=asr_9000v-v2 AND version=-

vendor=cisco AND product=asr_9001 AND version=-

vendor=cisco AND product=asr_9006 AND version=-

vendor=cisco AND product=asr_9010 AND version=-

vendor=cisco AND product=asr_9901 AND version=-

vendor=cisco AND product=asr_9902 AND version=-

vendor=cisco AND product=asr_9903 AND version=-

vendor=cisco AND product=asr_9904 AND version=-

vendor=cisco AND product=asr_9906 AND version=-

vendor=cisco AND product=asr_9910 AND version=-

vendor=cisco AND product=asr_9912 AND version=-

vendor=cisco AND product=asr_9922 AND version=-

vendor=cisco AND product=catalyst_3650 AND version=-

vendor=cisco AND product=catalyst_3850 AND version=-

vendor=cisco AND product=catalyst_8200 AND version=-

vendor=cisco AND product=catalyst_8300 AND version=-

vendor=cisco AND product=catalyst_8500 AND version=-

vendor=cisco AND product=catalyst_8500l AND version=-

vendor=cisco AND product=catalyst_9200 AND version=-

vendor=cisco AND product=catalyst_9300 AND version=-

vendor=cisco AND product=catalyst_9400 AND version=-

vendor=cisco AND product=catalyst_9500 AND version=-

vendor=cisco AND product=catalyst_9500h AND version=-

vendor=cisco AND product=catalyst_9600 AND version=-

vendor=cisco AND product=catalyst_9800 AND version=-

vendor=cisco AND product=catalyst_9800-40 AND version=-

vendor=cisco AND product=catalyst_9800-80 AND version=-

vendor=cisco AND product=catalyst_9800-cl AND version=-

vendor=cisco AND product=catalyst_9800-l AND version=-

vendor=cisco AND product=catalyst_cg418-e AND version=-

vendor=cisco AND product=catalyst_cg522-e AND version=-

vendor=cisco AND product=catalyst_ess9300 AND version=-

vendor=cisco AND product=catalyst_ie3200 AND version=-

vendor=cisco AND product=catalyst_ie3300 AND version=-

vendor=cisco AND product=catalyst_ie3400 AND version=-

vendor=cisco AND product=catalyst_ie9300 AND version=-

vendor=cisco AND product=cloud_services_router_1000v AND version=-

vendor=cisco AND product=esr3300 AND version=-

vendor=cisco AND product=esr6300 AND version=-

vendor=cisco AND product=isr_1100-4g AND version=-

vendor=cisco AND product=isr_1100-6g AND version=-

vendor=cisco AND product=isr_1101 AND version=-

vendor=cisco AND product=isr_1109 AND version=-

vendor=cisco AND product=isr_1111x AND version=-

vendor=cisco AND product=isr_111x AND version=-

vendor=cisco AND product=isr_1120 AND version=-

vendor=cisco AND product=isr_1131 AND version=-

vendor=cisco AND product=isr_1160 AND version=-

vendor=cisco AND product=isr_4221 AND version=-

Reference

20220413 Cisco IOx Application Hosting Environment Vulnerabilities-Vendor Advisory

Keywords

CVE-2022-20677

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-20677

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures