PT-2022-3875 · Cisco · Cisco Iox+1

Cyrille Chatras

Published

2022-04-13

Updated

2024-03-04

CVE-2022-20720

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco IOx (affected versions not specified)

Description The issue allows an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. This is due to incorrect restriction of the directory path name with limited access. Exploitation may allow a remote attacker to read or write arbitrary files in the system by sending a specially crafted HTTP request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-59

Related Identifiers

BDU:2022-04679

CVE-2022-20720

GHSA-4QMQ-RFW6-F2X2

Affected Products

Cisco Iox

Cisco Ios Xe

PT-2022-3875 · Cisco · Cisco Iox+1

CVE-2022-20720

Weakness Enumeration

Related Identifiers

Affected Products

References · 8