CVE-2022-20727

CVE Database · CVE-2022-20727

CVE-2022-20727

· MEDIUMModified

CVSS v3.1

5.5

EPSS

1.01%

Published

Apr 15, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

Weaknesses (CWE)

CWE-22CWE-22

Affected Products (214)

cisco · cgr1000_compute_module (up to 1.15.0.1)vulnerable

cisco · ic3000_industrial_compute_gateway (up to 1.4.1)vulnerable

cisco · ir510_operating_system (up to 6.5.9)vulnerable

cisco · iosvulnerable

cisco · ios

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs