PT-2022-1963 · Cisco · Cisco Staros

Arthur Vidineyev

Published

2022-03-02

Updated

2022-04-14

CVE-2022-20665

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco StarOS (affected versions not specified)

Description A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This issue is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI, potentially allowing the execution of arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2022-01523

CVE-2022-20665

Affected Products

Cisco Staros

PT-2022-1963 · Cisco · Cisco Staros

CVE-2022-20665

Weakness Enumeration

Related Identifiers

Affected Products

References · 8