CVE-2022-20721

CWE-22Path TraversalCWE-250CWE-77Command Injection4 documents4 sources
Severity
4.9MEDIUM
EPSS
0.6%
top 31.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco IOSCisco IOS XE
Timeline
PublishedApr 15
Latest updateApr 16

Description

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:NExploitability: 1.2 | Impact: 4.2

Affected Packages2 packages

NVDcisco/ios_xe142 versions+141
CVEListV5cisco/cisco_iosn/a

🔴Vulnerability Details

2
GHSA
GHSA-7xxw-22f3-9pq3: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary comm2022-04-16
CVEList
Cisco IOx Application Hosting Environment Vulnerabilities2022-04-15

📋Vendor Advisories

1
Cisco
Cisco IOx Application Hosting Environment Vulnerabilities2022-04-13
CVE-2022-20721 (MEDIUM CVSS 4.9) | Multiple vulnerabilities in the Cis | cvebase.io