PT-2022-1436 · Cisco · Cisco Tetration

Published: 2022-01-12 · Updated: 2024-11-18 · CVE-2022-20652

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Tetration (affected versions not specified)

Description

The issue is related to insufficient input validation in the web-based management interface and API subsystem, allowing an authenticated, remote attacker to inject arbitrary commands with root-level privileges on the underlying operating system. This can be achieved by submitting a crafted HTTP message to the affected system. The attacker needs valid administrator-level credentials to exploit this issue.

Recommendations

To resolve the issue, apply the software updates released by Cisco that address this vulnerability. At the moment, there is no information about additional mitigation measures or workarounds that address this vulnerability.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2022-00539
CVE-2022-20652

Affected Products

Cisco Tetration