PT-2022-4325 · Cisco · Cisco Ios Xe

Published

2022-04-13

Updated

2023-07-24

CVE-2022-20693

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Special Elements Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-78

Related Identifiers

BDU:2022-05183

CVE-2022-20693

Affected Products

Cisco Ios Xe

PT-2022-4325 · Cisco · Cisco Ios Xe

CVE-2022-20693

Weakness Enumeration

Related Identifiers

Affected Products

References · 6