CVE-2022-20724

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco IOx (affected versions not specified)

Description Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is caused by errors in synchronization when using a shared resource.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-362

Related Identifiers

BDU:2022-03408

CVE-2022-20724

GHSA-XR7H-WJGG-H3RP

Affected Products

Cisco Iox

Cisco Ios

Cisco Ios Xe

CVE-2022-20724

Weakness Enumeration

Related Identifiers

Affected Products

References · 9