CVE-2022-20851

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description The issue exists due to insufficient input validation in the web UI feature of Cisco IOS XE Software, allowing an authenticated, remote attacker to perform an injection attack against an affected device. An attacker could exploit this by sending crafted input to the web UI API, potentially executing arbitrary commands on the underlying operating system with root privileges. The attacker must have valid Administrator privileges on the affected device to exploit this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.