CVE-2022-20725

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Cisco IOx (affected versions not specified)

Description The issue exists due to inadequate protection of the web page structure in the Cisco IOx application hosting environment on multiple Cisco platforms. This could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-79

Related Identifiers

BDU:2022-03208

CVE-2022-20725

GHSA-Q2V9-QPMG-4QC4

Affected Products

Cisco Iox

Cisco Ios

Cisco Ios Xe

CVE-2022-20725

Weakness Enumeration

Related Identifiers

Affected Products

References · 9