CVE-2022-20718

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco IOx (affected versions not specified)

Description The issue allows an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. This is due to incorrect restriction of the directory path name with limited access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-78

Related Identifiers

BDU:2022-02486

CVE-2022-20718

GHSA-PX2C-Q384-5WXC

Affected Products

Cisco Iox

Cisco Ios Xe

CVE-2022-20718

Weakness Enumeration

Related Identifiers

Affected Products

References · 9