CVE-2022-20665 — Command Injection in Cisco Staros

CWE-77 — Command Injection4 documents4 sources

Severity

6.7MEDIUMNVD

CNA6.0

EPSS

0.2%

top 64.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Staros Cisco ASR 5000 Series Software

Timeline

PublishedApr 6

Latest updateApr 7

Description

A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials o…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/staros21.23.0 — 21.23.n7+1

▶CVEListV5cisco/cisco_asr_5000_series_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-mf37-5pqc-748x: A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device↗2022-04-07

▶

CVEList

Cisco StarOS Command Injection Vulnerability↗2022-04-06

▶

📋Vendor Advisories

Cisco

Cisco StarOS Command Injection Vulnerability↗2022-03-02

▶