History: Sep 30, 2022 - 7:15 p.m.

CVE-2022-20855

2022-09-30 19:15:12
CWE-78
CWE-266
web.nvd.nist.gov
cve-2022-20855
cisco
ios xe software
vulnerability
security
nvd
access point

7.9 High (CVSS3)

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

EPSS: 0.0004 Low (Percentile: 5.2%)

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.

Affected configurations

NVD
Node
cisco ios_xe, Match 17.6.1
AND (the following are joined by OR; each has Match -)
cisco catalyst_9105
cisco catalyst_9105axi
cisco catalyst_9105axw
cisco catalyst_9115
cisco catalyst_9115_ap
cisco catalyst_9115axe
cisco catalyst_9115axi
cisco catalyst_9117
cisco catalyst_9117_ap
cisco catalyst_9117axi
cisco catalyst_9120
cisco catalyst_9120_ap
cisco catalyst_9120axe
cisco catalyst_9120axi
cisco catalyst_9120axp
cisco catalyst_9124
cisco catalyst_9124axd
cisco catalyst_9124axi
cisco catalyst_9130
cisco catalyst_9130_ap
cisco catalyst_9130axe
cisco catalyst_9130axi
cisco catalyst_9800
cisco catalyst_9800-40
cisco catalyst_9800-80
cisco catalyst_9800-cl
cisco catalyst_9800-l
cisco catalyst_9800-l-c
cisco catalyst_9800-l-f

CPE: cisco:ios_xe
Name: cisco ios xe
Operator: eq
Version: 17.6.1

CNA Affected

[
  {
    "product": "Cisco IOS XE Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]
