CVE-2022-20677

Name of the Vulnerable Software and Affected Versions Cisco IOx (affected versions not specified)

Description The issue exists due to incorrect restriction of a directory path name with limited access. An attacker could inject arbitrary commands into the underlying host operating system, execute arbitrary code on the host, install applications without authentication, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.