All the vulnerabilites related to cisco - 807_industrial_integrated_services_router
Vulnerability from fkie_nvd
Published
2022-04-15 15:15
Modified
2024-11-21 06:43
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:cgr1000_compute_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD4C0D6-AB7B-48B5-B1BD-8EBAEAC51524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ic3000_industrial_compute_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E9AF42D-A861-4585-8FA6-28BD3623681E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.2\\(5\\)e1:*:*:*:*:*:*:*",
"matchCriteriaId": "E027FB12-862F-413E-AA2B-4BBD90AE3650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.2\\(5\\)e2c:*:*:*:*:*:*:*",
"matchCriteriaId": "E7131776-5DEB-4B96-8483-B81B538E24FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e0a:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B78669-3B28-4F1D-993D-85282A7D0E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3C73A3A-4B84-476F-AC3C-81DCB527E29A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.2\\(6\\)e2a:*:*:*:*:*:*:*",
"matchCriteriaId": "1758F264-96F9-4EE9-9CA9-AD5407885547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e:*:*:*:*:*:*:*",
"matchCriteriaId": "6437E689-A049-4D48-AB7A-49CA7EBDE8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e0b:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C12918-E5BB-465E-9DA4-06B7351DD805",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.2\\(7\\)e0s:*:*:*:*:*:*:*",
"matchCriteriaId": "4862C453-8BD7-4D53-B2D6-CE3E44A4915A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF662E36-0831-4892-850F-844B0E0B54DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t2:*:*:*:*:*:*:*",
"matchCriteriaId": "1E71F49D-E405-4AB4-9188-DA7B338DFD7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(1\\)t3:*:*:*:*:*:*:*",
"matchCriteriaId": "204B0A52-F6AB-406B-B46D-E92F2D7D87F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t:*:*:*:*:*:*:*",
"matchCriteriaId": "09578DDF-5D13-47C1-9BD1-A1A8B9B0C87D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t0a:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDCF08B-3A61-4B3D-BF35-ABB5F11EA7E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBF8B70-DFBE-4F6E-83F0-171F03E97606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA55D660-66C6-4278-8C27-25DB2712CC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(2\\)t3:*:*:*:*:*:*:*",
"matchCriteriaId": "5609B342-D98E-4850-A0FE-810699A80A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "8320F23D-F6BE-405B-B645-1CEB984E8267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m0a:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE2670E-8C17-448D-A5BD-5A4FBCAEC35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C5C705-6A8C-4834-9D24-CFE26A232C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1a:*:*:*:*:*:*:*",
"matchCriteriaId": "691BA27E-77AB-4A30-916D-3BB916B05298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m1b:*:*:*:*:*:*:*",
"matchCriteriaId": "CC270E40-CABA-44B4-B4DD-E9C47A97770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1DB8C1-7F7D-4562-A317-87E925CAD524",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m2a:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1887D9-E339-4DC6-BE24-A5FF15438B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB2645F-C3BF-458F-9D07-6D66E1953730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m3a:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2303A3-CAF1-4DBA-BB6E-F205C23DCE6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m4:*:*:*:*:*:*:*",
"matchCriteriaId": "686FD45C-7722-4D98-A6D7-C36CAC56A4AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m5:*:*:*:*:*:*:*",
"matchCriteriaId": "871E33AC-B469-47BA-9317-DC9E3E9BF5C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4091CAC-BFAA-404C-A827-4DA9EADDF621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6a:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DA9FCA-4166-4084-96AF-E82CC4A4DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m6b:*:*:*:*:*:*:*",
"matchCriteriaId": "369A99E0-3451-41D1-8C56-5352EA689950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m7:*:*:*:*:*:*:*",
"matchCriteriaId": "33D4A7FA-E4E0-49C2-97FD-A547A1612F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m8:*:*:*:*:*:*:*",
"matchCriteriaId": "DA0B918F-A28C-4B5A-A566-6E588B4F6696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.6\\(3\\)m9:*:*:*:*:*:*:*",
"matchCriteriaId": "436114F2-D906-4469-99C4-10B75253B3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "9C8A00BF-4522-467B-A96E-5C33623DCA2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m0a:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A434E7-B27C-4663-BE83-39A650D22D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m1:*:*:*:*:*:*:*",
"matchCriteriaId": "47C106CF-CBD3-4630-8E77-EDB1643F97E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DB7943-5CE1-44F6-B093-5EA65BF71A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "64404B00-4956-47B8-ACDB-88E365E97212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE6A696-5CBC-4552-A54E-55C21BC74D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4a:*:*:*:*:*:*:*",
"matchCriteriaId": "41237041-1D82-4C6C-BF48-ECEDF9DB08C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m4b:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB72CA3-088E-4EFE-BE1C-190C64101851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m5:*:*:*:*:*:*:*",
"matchCriteriaId": "FA584AC4-96AB-4026-84DF-F44F3B97F7E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m6:*:*:*:*:*:*:*",
"matchCriteriaId": "22EB41FD-4DE2-4753-A18C-C877B81B51D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m7:*:*:*:*:*:*:*",
"matchCriteriaId": "158EDE62-04C9-471B-B243-309D49583E67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m8:*:*:*:*:*:*:*",
"matchCriteriaId": "D8609F10-2B43-4BDC-AAF1-80D589910EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3\\)m9:*:*:*:*:*:*:*",
"matchCriteriaId": "270A1FF4-8541-4026-AE2D-7D500DC401E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "5A58C01B-459E-432F-A49F-68EC45EE6E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m0a:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DFE673-9A5E-4369-A7BB-3DE7F8E503C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m0b:*:*:*:*:*:*:*",
"matchCriteriaId": "4125EE35-ED52-4350-A4CE-E90EA8ED6BAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m1:*:*:*:*:*:*:*",
"matchCriteriaId": "56AD5BA0-4D08-4A92-88BE-60AF29BC35CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m1a:*:*:*:*:*:*:*",
"matchCriteriaId": "2881C5EA-0AC7-4074-A4FD-9FA33E3F60A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2:*:*:*:*:*:*:*",
"matchCriteriaId": "198FF520-7631-49D9-B8A8-2E64F6237CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m2a:*:*:*:*:*:*:*",
"matchCriteriaId": "94E067E8-552B-4691-9F6A-C5E8766287BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4162EC-90DE-4194-8ABC-55CCB8C24FF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3a:*:*:*:*:*:*:*",
"matchCriteriaId": "405CC56E-574F-4983-B492-C8811FAF06E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m3b:*:*:*:*:*:*:*",
"matchCriteriaId": "B1829074-66F9-4B3B-A084-B88D838CFC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m4:*:*:*:*:*:*:*",
"matchCriteriaId": "6715A135-61A7-4E56-948D-8A8D5F7C98C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m5:*:*:*:*:*:*:*",
"matchCriteriaId": "4C836C26-DBC1-42CB-9B73-9F248D4F2B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m6:*:*:*:*:*:*:*",
"matchCriteriaId": "B2CC4602-D1F5-4843-991A-2903C8336251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.8\\(3\\)m7:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCCD64D-D73C-45FE-B49C-F79E23431B37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "EEFE8A85-7F63-4E4C-A3FE-7B7E27AD1DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m0a:*:*:*:*:*:*:*",
"matchCriteriaId": "0807458A-2453-4575-AE19-0DE15E04B88C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BA0A0E0-A9D8-4FC3-88BD-FA0E7290A9A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m2:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1AF57E-79E9-40F2-817A-5E7D2760F1E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m2a:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF9CEA3-054B-4469-A10F-DFCB9057E5E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8313597-49A9-4918-B8D5-8E53C5C9AFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m3a:*:*:*:*:*:*:*",
"matchCriteriaId": "31D6B0E4-92F1-42FD-92DA-887D3D38CEBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m3b:*:*:*:*:*:*:*",
"matchCriteriaId": "13C6DA27-2445-4850-B0EF-82EE8C01C0B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m4:*:*:*:*:*:*:*",
"matchCriteriaId": "63BEFCC8-CC04-4C41-B31A-BF01E40FA1AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m4a:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E473CF-FE4B-4DBE-9EBE-337AE415FA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "296636F1-9242-429B-8472-90352C056106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "77993343-0394-413F-ABF9-C1215E9AD800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "283971DD-DD58-4A76-AC2A-F316534ED416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F324A5-4830-482E-A684-AB3B6594CEAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E8120196-8648-49D0-8262-CD4C9C90C37A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33E7CCE2-C685-4019-9B55-B3BECB3E5F76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*",
"matchCriteriaId": "0699DD6E-BA74-4814-93AB-300329C9D032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E2D781-2684-45F1-AC52-636572A0DCA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "479FB47B-AF2E-4FCB-8DE0-400BF325666C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2B4C78-5C31-4F3D-9639-305E15576E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C09F0A2-B21F-40ED-A6A8-9A29D6E1C6A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "32BA13F4-EF9C-4368-B8B1-9FD9FAF5CEFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "13CB889F-B064-4CAC-99AC-903745ACA566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77E8AF15-AB46-4EAB-8872-8C55E8601599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "957318BE-55D4-4585-AA52-C813301D01C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F11B703-8A0F-47ED-AA70-951FF78B94A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE7B2557-821D-4E05-B5C3-67192573D97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "5EE6EC32-51E4-43A3-BFB9-A0D842D08E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "187F699A-AF2F-42B0-B855-27413140C384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0B905E-4D92-4FD6-B2FF-41FF1F59A948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "62EDEC28-661E-42EF-88F0-F62D0220D2E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F821EBD7-91E2-4460-BFAF-18482CF6CB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E36D2D24-8F63-46DE-AC5F-8DE33332EBC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B825E6-5929-4890-BDBA-4CF4BD2314C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65020120-491D-46CD-8C73-974B6F4C11E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "7ADDCD0A-6168-45A0-A885-76CC70FE2FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4s:*:*:*:*:*:*:*",
"matchCriteriaId": "3F35C623-6043-43A6-BBAA-478E185480CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D83E34F4-F4DD-49CC-9C95-93F9D4D26B42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "D2833EAE-94C8-4279-A244-DDB6E2D15DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.5b:*:*:*:*:*:*:*",
"matchCriteriaId": "4B688E46-5BAD-4DEC-8B13-B184B141B169",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8F50DB-3A80-4D89-9F7B-86766D37338B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFC70A2-87BC-4898-BCF3-57F7B1DD5F10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "3F13F583-F645-4DF0-A075-B4F19D71D128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CB8DA556-ABF3-48D0-95B8-E57DBE1B5A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "01B53828-C520-4845-9C14-6C7D50EAA3A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "20F23DB7-6F8E-470A-9B43-0ACEEF331C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "623BF701-ADC9-4F24-93C5-043A6A7FEF5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "E5311FBE-12BF-41AC-B8C6-D86007834863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "52FB055E-72F9-4CB7-A51D-BF096BD1A55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FBD681F-7969-42BE-A47E-7C287755DCB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98255E6F-3056-487D-9157-403836EFB9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "521ACFB0-4FB2-44DB-AD7B-C27F9059DE66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57D4F634-03D5-4D9F-901C-7E9CE45F2F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "4463A1D1-E169-4F0B-91B2-FA126BB444CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D97F69C3-CAA6-491C-A0B6-6DC12B5AB472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD58C58-1B0C-4A71-8C02-F555CEF9C253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "96852D16-AF50-4C70-B125-D2349E6765D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1e:*:*:*:*:*:*:*",
"matchCriteriaId": "A15B882A-BA60-4932-A55E-F4A798B30EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "5C9C585C-A6EC-4385-B915-046C110BF95F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC2EE60-4A07-4D92-B9BC-BF07CF4F2BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47DBE4ED-1CD8-4134-9B33-17A91F44F17B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "119A964D-ABC8-424D-8097-85B832A833BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "0375BF9E-D04B-4E5B-9051-536806ECA44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "2266E5A2-B3F6-4389-B8E2-42CB845EC7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "012A6CF7-9104-4882-9C95-E6D4458AB778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "5AF5214D-9257-498F-A3EB-C4EC18E2FEB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "78DE7780-4E8B-4BB6-BDEB-58032EC65851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F29CEE37-4044-4A3C-9685-C9C021FD346A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC5BB06-100F-42C9-8CEB-CC47FD26DDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2s:*:*:*:*:*:*:*",
"matchCriteriaId": "5292764A-7D1C-4E04-86EF-809CB68EDD25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E1FDA817-3A50-4B9E-8F4E-F613BDB3E9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "1E16D266-108F-4F8A-998D-F1CA25F2EAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3h:*:*:*:*:*:*:*",
"matchCriteriaId": "F84AE35F-D016-4B8F-8FE2-C2ACB200DFED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3s:*:*:*:*:*:*:*",
"matchCriteriaId": "41D55481-C80E-4400-9C3D-9F6B1F7F13CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BF9829-F80E-4837-A420-39B291C4E17B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.4c:*:*:*:*:*:*:*",
"matchCriteriaId": "D07F9539-CFBE-46F7-9F5E-93A68169797D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F5AB80E7-0714-44ED-9671-12C877B36A1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.5f:*:*:*:*:*:*:*",
"matchCriteriaId": "10182B94-6831-461E-B0FC-9476EAB6EBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "961F8312-31B9-44E7-8858-EF8E2134F447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3D62EE1B-9A59-406C-B7DF-91B495F3ECFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "79CF8D4E-F82A-469C-A8C2-0C203A800A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6BD18B-B9BD-452F-986E-16A6668E46B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "D136D2BC-FFB5-4912-A3B1-BD96148CB9A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "A22256FE-431C-4AD9-9E7F-7EAC2D81B1B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "5CD5B3AB-27C2-4055-A3B7-0112D089FDA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1d:*:*:*:*:*:*:*",
"matchCriteriaId": "04081A51-E08F-4114-9276-584E836181D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*",
"matchCriteriaId": "ADED0D82-2A4D-4235-BFAC-5EE2D862B652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1f:*:*:*:*:*:*:*",
"matchCriteriaId": "62A46516-CEB7-48D4-879B-341963A1FA31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1g:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EF98FA-6DF9-4935-9639-143E08462BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "763664F5-E6CD-4936-B2F8-C5E2D5EA7BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A443E93-6C4B-4F86-BA7C-7C2A929E795A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6ECEDD9D-6517-44BA-A95F-D1D5488C0E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "314C7763-A64D-4023-9F3F-9A821AE4151F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "5820D71D-FC93-45AA-BC58-A26A1A39C936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1C85DD-69CC-4AA8-B219-651D57FC3506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B53E377A-0296-4D7A-B97C-576B0026543D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "CD98C9E8-3EA6-4160-970D-37C389576516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "9027A528-2588-4C06-810B-5BB313FE4323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*",
"matchCriteriaId": "7745ED34-D59D-49CC-B174-96BCA03B3374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1w:*:*:*:*:*:*:*",
"matchCriteriaId": "19AF4CF3-6E79-4EA3-974D-CD451A192BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1x:*:*:*:*:*:*:*",
"matchCriteriaId": "313BD54C-073C-4F27-82D5-C99EFC3A20F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1y:*:*:*:*:*:*:*",
"matchCriteriaId": "93B96E01-3777-4C33-9225-577B469A6CE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5019B59-508E-40B0-9C92-2C26F58E2FBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "443D78BA-A3DA-4D1F-A4DF-2F426DC6B841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*",
"matchCriteriaId": "1986DB1F-AD0A-42FE-8EC8-F18BA1AD4F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2t:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6FB4DC-814D-49D2-BBE2-3861AE985A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D5750264-2990-4942-85F4-DB9746C5CA2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "02352FD8-2A7B-41BD-9E4A-F312ABFDF3EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*",
"matchCriteriaId": "B9173AD6-6658-4267-AAA7-D50D0B657528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F02EE9D-45B1-43D6-B05D-6FF19472216B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1DBBCD-4C5A-43BB-8FB0-6F1AF99ED0D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8FCB9440-F470-45D1-AAFA-01FB5D76B600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:16.12.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "3F66ECFE-B631-47AE-995F-024A4E586A85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E306B09C-CB48-4067-B60C-5F738555EEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "CD446C51-E713-4E46-8328-0A0477D140D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF0DD16-D76A-45EA-B01A-20C71AEFA3B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDD0CEC-4A19-438D-B2A1-8664A1D8F3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "89369318-2E83-489F-B872-5F2E247BBF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4D4659-A304-459F-8AB3-ED6D84B44C0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "B51FA707-8DB1-4596-9122-D4BFEF17F400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*",
"matchCriteriaId": "C04DF35A-1B6F-420A-8D84-74EB41BF3700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*",
"matchCriteriaId": "211CC9B2-6108-4C50-AB31-DC527C43053E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "75CCB5F1-27F5-4FF9-8389-0A9ABCF7F070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08DCCBA3-82D2-4444-B5D3-E5FC58D024F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "128F95D7-E49F-4B36-8F47-823C0298449E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "E21B3881-37E9-4C00-9336-12C9C28D1B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1w:*:*:*:*:*:*:*",
"matchCriteriaId": "E54599DB-A85E-4EEA-9985-2CBF90E28A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1x:*:*:*:*:*:*:*",
"matchCriteriaId": "4046C325-7EDB-4C95-AA98-541BEC8F9E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1z:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B70A3D-CBE1-4218-A7B4-F85741A57BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B270A04-9961-4E99-806B-441CD674AFBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "1360069D-0358-4746-8C3F-44C2A40988D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DD2403-113B-4100-8BD4-90E1927E6648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "A35FFA44-9A59-4C20-9D86-C40B68BD5F77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF73937-BCE2-4BEF-B4B0-83212DA4A6C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDB1E60-C2A9-4570-BE80-F3D478A53738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "9841799A-87E2-46AE-807A-824981EAB35A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*",
"matchCriteriaId": "0CEF022B-271F-4017-B74B-82748D5EBA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6B707B-4543-41F1-83DF-49A93BF56FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8F611B-D347-4A21-90E6-56CF4D8A35A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D9A92CE4-B4B0-4C14-AE11-8DFE511406F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "298C82F9-79A6-4DB7-8432-8B3A6DA39620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "274E3E6F-4280-4EAE-B102-1BE57FE1F1D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "46B52A51-51DB-4A12-AB1D-8D9605226599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "938B0720-8CA7-43BA-9708-5CE9EC7A565A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "D4BE7166-DBD3-4CE6-A14A-725FE896B85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE62C4B-7C06-4907-BADE-416C1618D2D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "0C60DF3F-DBD9-4BBF-812E-4BB0C47BDF3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:800m_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9F9D3C-8221-4C79-97A3-9FEA81DE977F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:807_industrial_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EEA0369-B5B1-41FD-98EE-F7F4EAB9863D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:812_3g_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0EEEB5-8305-4A57-9904-D81551FB6A81",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:812_cifi_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D371C4-7034-4675-931D-E6A208FD901C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:819_hardened_dual_radio_802.11n_wifi_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAF3EFC2-EF88-47E6-B174-7561A19FB543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:819_hardened_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30FCD835-282D-440A-833D-771F6EC7A93D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "398D63B0-F15B-409B-AFBC-DE6C94FAF815",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:860vae-w_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9C511D-7D5E-4758-A335-70019EBD9F8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:861_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E109E908-78B9-44ED-8719-B057057C2185",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:861w_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31F8D515-3D54-459F-8CE7-FFA91439C0D3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:866vae_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "510B60EF-AA4D-469F-8EEF-133F354DDF55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:867_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF7E6C9E-326B-42EF-86D4-4FB2C13E2BA4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:867vae_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D562373-BD3F-4690-928F-9FE0325A3379",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:880-voice_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB62165B-6CA9-4DD8-8A36-B658F61FF9EF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:880_3g_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A2F1852-8ADC-42E0-8D05-961A733523D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:881-cube_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5ACE25-8C18-49B0-AFFC-17CB30F61930",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:881_3g_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6E4CF5-D944-4281-94E5-72BC5437BC62",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:881_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB6E8CC-89B8-490A-BFCF-FA9D55543B21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:881w_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "480629DC-DA23-4A9E-B90F-E8AB894C9353",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:886_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCEBDDE6-0EA0-4C2B-9A04-87236312A269",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:886va-cube_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3EA60A-1BA9-43E8-AF81-914846C26CC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:886va-w_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7C5306-B810-4036-A241-7178F48ABE8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:886va_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5413C7E7-F55C-4158-ABDF-2D8844B96680",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:886vag_3g_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6745ADF-DCE3-42C3-A548-F9E44AEE88CC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:887_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFD38B2-348F-4EF2-A9B7-40A9AA5FF511",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:887v_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F9EA2E-9EE7-4F68-9765-C78F85624F2D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:887va-cube_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1563AC8D-4E4D-4126-8C5D-84B449AAEF57",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:887va-w_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3945CCD-E6F5-412D-9935-160BCD664B10",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:887va_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C23393-F7BB-4BA9-81A5-C298D84EBF0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:887vag_3g_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61B623C2-D81B-430B-9FD2-E2764EE94809",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:887vam-w_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828E07F6-1E92-4990-AEBC-DBFE4B5B2DE4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:887vamg_3g_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08B77C60-06E0-47FF-8CD4-35FE5C60FF95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:888-cube_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E97DA13-D485-42BE-A0E9-F40A0C823735",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:888_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E984A1EA-728A-4663-8494-1787AB5D93C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:888e-cube_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35D9B6C7-A707-41CD-953F-5773FB3F7685",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:888e_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "716E154A-5586-4F58-8203-EC8256E00BAD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:888eg_3g_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC0F79A-52CA-46A6-9C6A-0596718053E7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:888w_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8054E665-E4DA-4453-A34B-830B69D273A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:891-24x_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA480B3-25E2-4B05-9F46-417B696789B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:891_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "526558F9-C72D-4DDA-B0DF-CAF7B97E30C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:891w_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B9D069-85C0-4299-BCAF-441A2D6227BF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:892_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53AFBDFF-3D83-4685-82EE-A9EA4DC09241",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:892f-cube_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB4AF464-B247-40CF-A2B5-1B278303418B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:892w_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D674C533-304A-42A4-97EE-1CA39908E888",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:cgr_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D4F35B7-7A47-45B7-967C-AB749BE346AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:cgr_1120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1119E8B9-53A3-4724-9EEB-F4A35F9F59E1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:cgr_1240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4089B3FB-EC0D-408D-A75E-942E23BECB72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ic3000_industrial_compute_gateway:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1DEE8B-C9B3-4E45-BBBD-C3DF2A61C349",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4000-16gt4g-e_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45EC8751-C17A-4F75-B88A-5778E2496462",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4000-16t4g-e_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C52B1C4-A42A-42AC-ABB3-F2B289F47B8B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4000-4gc4gp4g-e_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19155C80-7068-4E3A-88EA-9F90C1B14ABC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4000-4gs8gp4g-e_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64234EBB-B47D-4B2A-A46D-2AA234E0ECC8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4000-4s8p4g-e_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4975AA-722F-43AB-A762-88D5A00FC7EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4000-4t4p4g-e_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A76C5B3B-03FF-47C0-88B1-A5AB932D02DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4000-4tc4g-e_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA64B716-2D79-4B4E-8007-C4575AA68E8B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4000-8gs4g-e_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "763B3611-7EE1-455F-96C7-0A2E83D22AF1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4000-8gt4g-e_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2D391F-27DE-48E6-9AA3-36A8C672A6AB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4000-8gt8gp4g-e_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE4E5E0-F7E8-43BC-9AFC-159D6B2B4344",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4000-8s4g-e_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BBAC7B1-693D-40F8-90BB-6290E3DCD5A2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4000-8t4g-e_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43AF8063-E30D-411B-9CEC-25E336E5E4E4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4010-16s12p_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A359421-6CD3-43E0-94FC-20C76756C7EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ie-4010-4s24p_industrial_ethernet_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F9DF32-3E0B-47FA-912A-FCE948BA768E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ir510_wpan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D29EAD2C-C9A3-4129-8C4F-1C0963826FA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en el entorno de alojamiento de aplicaciones Cisco IOx en varias plataformas de Cisco podr\u00edan permitir a un atacante inyectar comandos arbitrarios en el sistema operativo anfitri\u00f3n subyacente, ejecutar c\u00f3digo arbitrario en el sistema operativo anfitri\u00f3n subyacente, instalar aplicaciones sin ser autenticado o conducir un ataque de tipo cross-site scripting (XSS) contra un usuario del software afectado. Para m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso"
}
],
"id": "CVE-2022-20725",
"lastModified": "2024-11-21T06:43:25.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-15T15:15:13.510",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-qpmg-4qc4"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-qpmg-4qc4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-24 18:15
Modified
2024-11-21 05:31
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6230A85-30D2-4934-A8A0-11499B7B09F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:1120_connected_grid_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6835F8AD-B55D-4B57-B3B5-0095E309B2B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1240_connected_grid_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AB6ACAE-8C89-48F6-95BA-DE32F4F81FE6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:807_industrial_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EEA0369-B5B1-41FD-98EE-F7F4EAB9863D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:809_industrial_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4558F1-B87C-439F-AF8F-C19AACAB80E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "398D63B0-F15B-409B-AFBC-DE6C94FAF815",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la implementaci\u00f3n del subsistema Low Power, Wide Area (LPWA) de Cisco IOS Software para Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) y Cisco 1000 Series Connected Grid Routers (CGR1000), podr\u00eda permitir a un atacante remoto no autenticado conseguir acceso de lectura no autorizado a datos confidenciales o causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS).\u0026#xa0;La vulnerabilidad es debido a la falta de mecanismos de comprobaci\u00f3n de entrada para mensajes de m\u00f3dem de protocolo virtual-LPWA (VLPWA).\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el suministro de paquetes dise\u00f1ados hacia un dispositivo afectado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante conseguir acceso de lectura no autorizado a datos confidenciales o hacer que la interfaz VLPWA del dispositivo afectado se apague, resultando una condici\u00f3n DoS."
}
],
"id": "CVE-2020-3426",
"lastModified": "2024-11-21T05:31:02.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-24T18:15:19.290",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-12 04:15
Modified
2024-11-21 07:40
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ic3000_industrial_compute_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0123C40-42E9-4DA1-A333-1249D52FE05F",
"versionEndExcluding": "1.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:iox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41E74F18-C63E-4A10-99C2-51907E199BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F708D7F-6673-489E-9B2D-796AF552D7A2",
"versionEndExcluding": "17.6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9FC38B1-5F12-496F-8843-F119DB2D684C",
"versionEndExcluding": "17.9.2",
"versionStartIncluding": "17.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios_xe:17.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC868609-83CD-4FBA-A842-18CD4F07D8D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:cgr1240_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F343CE69-D1C6-4CB3-97CF-AC480FA6802D",
"versionEndExcluding": "1.16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:cgr1240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1FE609C-8021-48C8-AF15-F176D82A9B23",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:cgr1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F17050EB-5D47-4287-A2E7-518A811157A7",
"versionEndExcluding": "1.16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:cgr1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C73AA-7DBA-43BD-819B-1CA5228CFB0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ir510_wpan_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF8D8F3-C04A-4A32-B7DF-7649506B83D1",
"versionEndExcluding": "1.10.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ir510_wpan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D29EAD2C-C9A3-4129-8C4F-1C0963826FA4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94A8B23B-89DC-4BD2-AC3B-E73169F42F6C",
"versionEndExcluding": "15.9\\(3\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E5C422-7131-49C5-B05C-11CDC97373BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m1:*:*:*:*:*:*:*",
"matchCriteriaId": "313940F2-909D-4BAB-BC1C-CA9419F4E9A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m2:*:*:*:*:*:*:*",
"matchCriteriaId": "887AA4F7-7A63-4FAF-89E9-B992FF8C0F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m2a:*:*:*:*:*:*:*",
"matchCriteriaId": "F1EEADC2-0938-48F8-8ED4-7A2643B6BAE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "A79FD2A7-F49F-40CA-B721-AD222DD16CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE95BEF3-E236-4B08-A3C5-210A094AB41E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m4a:*:*:*:*:*:*:*",
"matchCriteriaId": "4D097582-7C84-4899-93C4-B16692A41302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m5:*:*:*:*:*:*:*",
"matchCriteriaId": "86891B33-4B66-48C1-933B-75187404B129",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m6a:*:*:*:*:*:*:*",
"matchCriteriaId": "372E3DB5-5296-4353-9A2B-0A8040F07BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:829_industrial_integrated_services_router_firmware:15.9\\(3\\)m6b:*:*:*:*:*:*:*",
"matchCriteriaId": "20FCE500-AD08-40CE-8956-2997C9200B41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:829_industrial_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "398D63B0-F15B-409B-AFBC-DE6C94FAF815",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB92E03-2956-4AC1-831F-152FCBA01092",
"versionEndExcluding": "15.9\\(3\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA00C2A-CFC0-498B-8EA7-989FA2B78A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m1:*:*:*:*:*:*:*",
"matchCriteriaId": "308D1626-255D-4266-B2E1-B6D34D7D8881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3B170E-B248-4E9E-968B-A6320AAF3601",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m2a:*:*:*:*:*:*:*",
"matchCriteriaId": "E20439B8-530E-4C49-AFBE-5AFAC95BA994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA253BF-10DF-4819-A165-9E9049B14D74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m4:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA057DC-F9D9-4A96-9AAF-86303A4D21A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m4a:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF79F40-DA37-4A36-95BD-7FDD8D41783F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m5:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DB4FDC-3152-4144-A85B-920577D65BC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m6a:*:*:*:*:*:*:*",
"matchCriteriaId": "564BC14B-465D-4E3D-A37A-15ED0AE65AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:807_industrial_integrated_services_router_firmware:15.9\\(3\\)m6b:*:*:*:*:*:*:*",
"matchCriteriaId": "5612E330-FA91-4DA5-9D74-4E262769E388",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:807_industrial_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EEA0369-B5B1-41FD-98EE-F7F4EAB9863D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF306339-36B4-4549-8C8D-C7530C575D9B",
"versionEndExcluding": "15.9\\(3\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "AA50E936-DFBC-4B6A-9AE3-763CBD2EA2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8088D28-AA6B-4CA8-B120-9993D0C8035F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m2:*:*:*:*:*:*:*",
"matchCriteriaId": "73D568BB-6646-4366-8D8F-87B829AC018F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m2a:*:*:*:*:*:*:*",
"matchCriteriaId": "352566DD-EF2B-49A0-9CFF-3C67152DE403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m3:*:*:*:*:*:*:*",
"matchCriteriaId": "18E645F0-179C-43F4-9B12-2485B3C1924C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m4:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C1A3AB-E91B-4A59-8E49-C7E722A97F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m4a:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D4FD9E-A505-4819-B57D-458A24C7E0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m5:*:*:*:*:*:*:*",
"matchCriteriaId": "A299F13E-02DD-490E-96F7-02BF7B21A46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m6a:*:*:*:*:*:*:*",
"matchCriteriaId": "ACD17542-1D24-4D1B-A123-B773BA66326E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:809_industrial_integrated_services_router_firmware:15.9\\(3\\)m6b:*:*:*:*:*:*:*",
"matchCriteriaId": "0D5F1604-4189-4585-8E94-0BD1F02A125C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:809_industrial_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF4558F1-B87C-439F-AF8F-C19AACAB80E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system."
}
],
"id": "CVE-2023-20076",
"lastModified": "2024-11-21T07:40:29.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-12T04:15:19.287",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-233"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-20725
Vulnerability from cvelistv5
Published
2022-04-15 14:21
Modified
2024-11-06 16:23
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj | vendor-advisory, x_refsource_CISCO | |
| https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-qpmg-4qc4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:24:49.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220413 Cisco IOx Application Hosting Environment Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-qpmg-4qc4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20725",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:58:50.327949Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:23:50.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-20T19:19:20",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220413 Cisco IOx Application Hosting Environment Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-qpmg-4qc4"
}
],
"source": {
"advisory": "cisco-sa-iox-yuXQ6hFj",
"defect": [
[
"CSCvx27640",
"CSCvy16608",
"CSCvy30903",
"CSCvy30957",
"CSCvy35913",
"CSCvy35914",
"CSCvy86583",
"CSCvy86598",
"CSCvy86602",
"CSCvy86603",
"CSCvy86604",
"CSCvy86608"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOx Application Hosting Environment Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-04-13T16:00:00",
"ID": "CVE-2022-20725",
"STATE": "PUBLIC",
"TITLE": "Cisco IOx Application Hosting Environment Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "5.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220413 Cisco IOx Application Hosting Environment Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
},
{
"name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-qpmg-4qc4",
"refsource": "MISC",
"url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-qpmg-4qc4"
}
]
},
"source": {
"advisory": "cisco-sa-iox-yuXQ6hFj",
"defect": [
[
"CSCvx27640",
"CSCvy16608",
"CSCvy30903",
"CSCvy30957",
"CSCvy35913",
"CSCvy35914",
"CSCvy86583",
"CSCvy86598",
"CSCvy86602",
"CSCvy86603",
"CSCvy86604",
"CSCvy86608"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20725",
"datePublished": "2022-04-15T14:21:02.732370Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-06T16:23:50.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-3426
Vulnerability from cvelistv5
Published
2020-09-24 18:01
Modified
2024-11-13 17:56
Severity ?
EPSS score ?
Summary
A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Cisco | Cisco IOS 15.2(6)E4 |
Version: n/a |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:58.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200924 Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:12:43.554572Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T17:56:53.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS 15.2(6)E4",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-24T18:01:14",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200924 Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA"
}
],
"source": {
"advisory": "cisco-sa-ios-lpwa-access-cXsD7PRA",
"defect": [
[
"CSCvr53526"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-09-24T16:00:00",
"ID": "CVE-2020-3426",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS 15.2(6)E4",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200924 Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-lpwa-access-cXsD7PRA"
}
]
},
"source": {
"advisory": "cisco-sa-ios-lpwa-access-cXsD7PRA",
"defect": [
[
"CSCvr53526"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3426",
"datePublished": "2020-09-24T18:01:14.219272Z",
"dateReserved": "2019-12-12T00:00:00",
"dateUpdated": "2024-11-13T17:56:53.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-20076
Vulnerability from cvelistv5
Published
2023-02-12 00:00
Modified
2024-10-28 16:34
Severity ?
EPSS score ?
Summary
A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20230201 Cisco IOx Application Hosting Environment Command Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T16:19:27.545112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T16:34:17.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS ",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2023-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulnerability is due to incomplete sanitization of parameters that are passed in for activation of an application. An attacker could exploit this vulnerability by deploying and activating an application in the Cisco IOx application hosting environment with a crafted activation payload file. A successful exploit could allow the attacker to execute arbitrary commands as root on the underlying host operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that is described in this advisory. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-233",
"description": "CWE-233",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-05T00:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20230201 Cisco IOx Application Hosting Environment Command Injection Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-8whGn5dL"
}
],
"source": {
"advisory": "cisco-sa-iox-8whGn5dL",
"defect": [
[
"CSCwc66882"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOx Application Hosting Environment Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20076",
"datePublished": "2023-02-12T00:00:00",
"dateReserved": "2022-10-27T00:00:00",
"dateUpdated": "2024-10-28T16:34:17.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}