CVE-2022-20677

Published Apr 15, 2022
Last updated 3 months ago
CVSS medium 5.5
Overview

Description: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
Source: ykramarz@cisco.com
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

ykramarz@cisco.com: CWE-22
nvd@nist.gov: CWE-326
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios:17.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25FA8E21-9A5D-494C-92BF-42F1F4D2DCAA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0F77CD6A-83DA-4F31-A128-AD6DAECD623B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B68B363-3C57-4E95-8B13-0F9B59D551F7"
          },
          {
            "criteria": "cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5EB8A757-7888-4AC2-BE44-B89DB83C6C77"
          },
          {
            "criteria": "cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B80890A8-E3D3-462C-B125-9E9BC6525B02"
          },
          {
            "criteria": "cpe:2.3:h:cisco:1111x_integrated_services_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0547E196-5991-4C33-823A-342542E9DFD3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:111x_integrated_services_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "802CBFC1-8A2F-4BF7-A1D3-00622C33BE16"
          },
          {
            "criteria": "cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7AFE0FC1-EEBC-42F0-88B0-4AF5B76DDD97"
          },
          {
            "criteria": "cpe:2.3:h:cisco:1131_integrated_services_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F3F374DC-B9F7-4515-A064-01BB436CA984"
          },
          {
            "criteria": "cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D916389F-54DB-44CB-91DD-7CE3C7059350"
          },
          {
            "criteria": "cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6C8AED7C-DDA3-4C29-BB95-6518C02C551A"
          },
          {
            "criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8"
          },
          {
            "criteria": "cpe:2.3:h:cisco:8101-32h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B832863-E366-46ED-BC35-838762F0CE29"
          },
          {
            "criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34"
          },
          {
            "criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7"
          },
          {
            "criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2"
          },
          {
            "criteria": "cpe:2.3:h:cisco:8800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E899BDC3-03A0-4ED7-8C36-7BC247A344A8"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "09C913FF-63D5-43FB-8B39-598EF436BA5A"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_1002-hx:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CD2794BD-C8CE-46EF-9857-1723FCF04E46"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_1006-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE7401B7-094C-46EB-9869-2F0372E8B26B"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_1009-x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8D8A72FD-D8B0-45B5-8FAD-6D8395BB218A"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_900:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EA873342-542E-4FC8-9C22-B5A43F9F3E9D"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DB91BE23-C710-473F-8E43-0E0DE760F8AD"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "91474DBC-FB31-4DDF-96C5-311FA1D53A74"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3650:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7814FA61-CAF1-46DE-9D84-CEBE6480EA03"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_3850:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "005F5347-A5E6-4954-ACAB-E4DF29119724"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_8200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EE9EABE0-5FB0-4277-A389-87732E750B7C"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_8300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "72BBF8E8-7AD9-46B8-8B02-F0DB1F95E1CD"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_8500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7A82CE19-C3C4-4FAD-A1B3-AB91EDB61591"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_8500l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "04AB61E9-0148-495E-BD21-64D52DE60A6C"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FC4A5C56-0D08-4423-AEBD-33EDF172FCF9"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0972076B-5C87-44B3-90EC-4C200B89318A"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "737F22AB-C5A9-4A18-BA3D-38A222491397"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "176ACF88-6112-4179-8492-50C50577B300"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9500h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D07FC868-0B38-4F24-BA40-87966FF80AB7"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C19A801D-02D7-40B0-88E8-FE7BA8630E60"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A48E6CF0-7A3B-4D11-8D02-0CD38F2420E9"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_cg418-e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "25CE5302-0BA9-4155-A68B-3CD735F64A9F"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_cg522-e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "405B9D5D-09E9-48D9-A164-04A6DCE41482"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_ess9300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9A80AB4A-A121-4777-BD99-62D658A3DE22"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_ie3200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EACA55A5-4E73-4187-96BE-08E04F2C7659"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_ie3300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8E31CB8F-60FF-4D03-BE8C-824ECE967797"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_ie3400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9A8E319D-5AE5-4074-9DAF-4B65F3B3CEE5"
          },
          {
            "criteria": "cpe:2.3:h:cisco:catalyst_ie9300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8DF0025D-8DE1-437D-9A4E-72C3AC6B46CD"
          },
          {
            "criteria": "cpe:2.3:h:cisco:cloud_services_router_1000v:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4CCB8270-A01D-40A6-BF4B-26BAF65E68F3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:esr3300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D07773DC-24E0-4651-A98B-9CD54419F4D1"
          },
          {
            "criteria": "cpe:2.3:h:cisco:esr6300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "44D19136-4ECB-437F-BA8A-E2FE35A39BF9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
