Lucene search

[email protected]CVE-2022-20693

HistoryApr 15, 2022 - 3:15 p.m.

CVE-2022-20693

2022-04-1515:15:12

CWE-78

CWE-74

[email protected]

web.nvd.nist.gov

933

cisco

ios xe

software

vulnerability

web ui

injection attack

nvd

cve-2022-20693

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%

JSON

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Affected configurations

NVD

Node

ciscoios_xeMatch3.15.1xbs

ciscoios_xeMatch3.15.2xbs

ciscoios_xeMatch16.12.1

ciscoios_xeMatch16.12.1a

ciscoios_xeMatch16.12.1c

ciscoios_xeMatch16.12.1s

ciscoios_xeMatch16.12.1t

ciscoios_xeMatch16.12.1w

ciscoios_xeMatch16.12.1x

ciscoios_xeMatch16.12.1y

ciscoios_xeMatch16.12.1z

ciscoios_xeMatch16.12.1z1

ciscoios_xeMatch16.12.1z2

ciscoios_xeMatch16.12.2

ciscoios_xeMatch16.12.2a

ciscoios_xeMatch16.12.2s

ciscoios_xeMatch16.12.2t

ciscoios_xeMatch16.12.3

ciscoios_xeMatch16.12.3a

ciscoios_xeMatch16.12.3s

ciscoios_xeMatch16.12.4

ciscoios_xeMatch16.12.4a

ciscoios_xeMatch16.12.5

ciscoios_xeMatch16.12.5a

ciscoios_xeMatch16.12.5b

ciscoios_xeMatch16.12.6

ciscoios_xeMatch16.12.6a

ciscoios_xeMatch17.1.1

ciscoios_xeMatch17.1.1a

ciscoios_xeMatch17.1.1s

ciscoios_xeMatch17.1.1t

ciscoios_xeMatch17.1.2

ciscoios_xeMatch17.1.3

ciscoios_xeMatch17.2.1

ciscoios_xeMatch17.2.1a

ciscoios_xeMatch17.2.1r

ciscoios_xeMatch17.2.1v

ciscoios_xeMatch17.2.2

ciscoios_xeMatch17.2.3

ciscoios_xeMatch17.3.1

ciscoios_xeMatch17.3.1a

ciscoios_xeMatch17.3.1w

ciscoios_xeMatch17.3.1x

ciscoios_xeMatch17.3.1z

ciscoios_xeMatch17.3.2

ciscoios_xeMatch17.3.2a

ciscoios_xeMatch17.3.3

ciscoios_xeMatch17.3.3a

ciscoios_xeMatch17.3.4

ciscoios_xeMatch17.3.4a

ciscoios_xeMatch17.3.4b

ciscoios_xeMatch17.3.4c

ciscoios_xeMatch17.4.1

ciscoios_xeMatch17.4.1a

ciscoios_xeMatch17.4.1b

ciscoios_xeMatch17.4.1c

ciscoios_xeMatch17.4.2

ciscoios_xeMatch17.4.2a

ciscoios_xeMatch17.5.1

ciscoios_xeMatch17.5.1a

ciscoios_xeMatch17.6.1

ciscoios_xeMatch17.6.1a

ciscoios_xeMatch17.6.1w

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq3.15.1xbs
cisco:ios_xecisco ios xeeq3.15.2xbs
cisco:ios_xecisco ios xeeq16.12.1
cisco:ios_xecisco ios xeeq16.12.1a
cisco:ios_xecisco ios xeeq16.12.1c
cisco:ios_xecisco ios xeeq16.12.1s
cisco:ios_xecisco ios xeeq16.12.1t
cisco:ios_xecisco ios xeeq16.12.1w
cisco:ios_xecisco ios xeeq16.12.1x
cisco:ios_xecisco ios xeeq16.12.1y

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	3.15.1xbs
cisco:ios_xe	cisco ios xe	eq	3.15.2xbs
cisco:ios_xe	cisco ios xe	eq	16.12.1
cisco:ios_xe	cisco ios xe	eq	16.12.1a
cisco:ios_xe	cisco ios xe	eq	16.12.1c
cisco:ios_xe	cisco ios xe	eq	16.12.1s
cisco:ios_xe	cisco ios xe	eq	16.12.1t
cisco:ios_xe	cisco ios xe	eq	16.12.1w
cisco:ios_xe	cisco ios xe	eq	16.12.1x
cisco:ios_xe	cisco ios xe	eq	16.12.1y

Rows per page:

1-10 of 631

CNA Affected

[
  {
    "product": "Cisco IOS XE Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webuiapi-inj-Nyrq92Od

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.2%

JSON

Related for CVE-2022-20693

cvelist1 prion1 cisco1 nvd1