CVE-2022-20650OS Command Injection in Cisco Nx-os Software

CWE-78OS Command Injection4 documents4 sources
Severity
8.8HIGHNVD
EPSS
9.8%
top 7.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os SoftwareCisco Nx-os
Timeline
PublishedFeb 23
Latest updateFeb 24

Description

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underly

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/nx-os10.2\(1.72\), 7.3\(8\)n1\(0.4\)+1

🔴Vulnerability Details

2
GHSA
GHSA-3hrp-jhgv-872c: A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root pr2022-02-24
CVEList
Cisco NX-OS Software NX-API Command Injection Vulnerability2022-02-23

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software NX-API Command Injection Vulnerability2022-02-23
CVE-2022-20650 — OS Command Injection in Cisco | cvebase