All the vulnerabilites related to cisco - 8800
cve-2022-20677
Vulnerability from cvelistv5
Published
2022-04-15 14:16
Modified
2024-11-06 16:25
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:17:52.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20220413 Cisco IOx Application Hosting Environment Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:58:59.031676Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:25:32.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-15T14:16:46",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20220413 Cisco IOx Application Hosting Environment Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
}
],
"source": {
"advisory": "cisco-sa-iox-yuXQ6hFj",
"defect": [
[
"CSCvx27640",
"CSCvy16608",
"CSCvy30903",
"CSCvy30957",
"CSCvy35913",
"CSCvy35914",
"CSCvy86583",
"CSCvy86598",
"CSCvy86602",
"CSCvy86603",
"CSCvy86604",
"CSCvy86608"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOx Application Hosting Environment Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2022-04-13T16:00:00",
"ID": "CVE-2022-20677",
"STATE": "PUBLIC",
"TITLE": "Cisco IOx Application Hosting Environment Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "5.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20220413 Cisco IOx Application Hosting Environment Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
}
]
},
"source": {
"advisory": "cisco-sa-iox-yuXQ6hFj",
"defect": [
[
"CSCvx27640",
"CSCvy16608",
"CSCvy30903",
"CSCvy30957",
"CSCvy35913",
"CSCvy35914",
"CSCvy86583",
"CSCvy86598",
"CSCvy86602",
"CSCvy86603",
"CSCvy86604",
"CSCvy86608"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20677",
"datePublished": "2022-04-15T14:16:46.734986Z",
"dateReserved": "2021-11-02T00:00:00",
"dateUpdated": "2024-11-06T16:25:32.069Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-04-15 15:15
Modified
2024-11-21 06:43
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:17.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25FA8E21-9A5D-494C-92BF-42F1F4D2DCAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F77CD6A-83DA-4F31-A128-AD6DAECD623B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B68B363-3C57-4E95-8B13-0F9B59D551F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB8A757-7888-4AC2-BE44-B89DB83C6C77",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B80890A8-E3D3-462C-B125-9E9BC6525B02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1111x_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0547E196-5991-4C33-823A-342542E9DFD3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:111x_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "802CBFC1-8A2F-4BF7-A1D3-00622C33BE16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AFE0FC1-EEBC-42F0-88B0-4AF5B76DDD97",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1131_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F374DC-B9F7-4515-A064-01BB436CA984",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D916389F-54DB-44CB-91DD-7CE3C7059350",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C8AED7C-DDA3-4C29-BB95-6518C02C551A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E055F58F-F9FB-4B27-841E-61ECAB5F42B8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8101-32h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B832863-E366-46ED-BC35-838762F0CE29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C3DDAC-7D0F-4D1D-9632-F001F2EB5D34",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E7FFF-82A8-4ECB-BA0C-CBF0C2FDA3A3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "528BE0D3-E5ED-4836-B0D8-0C8508C5BDD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87DC4C2F-01C5-4D89-8D79-E5D28EDAD0F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:8800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E899BDC3-03A0-4ED7-8C36-7BC247A344A8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09C913FF-63D5-43FB-8B39-598EF436BA5A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1002-hx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2794BD-C8CE-46EF-9857-1723FCF04E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1006-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7401B7-094C-46EB-9869-2F0372E8B26B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_1009-x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8A72FD-D8B0-45B5-8FAD-6D8395BB218A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA873342-542E-4FC8-9C22-B5A43F9F3E9D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB91BE23-C710-473F-8E43-0E0DE760F8AD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91474DBC-FB31-4DDF-96C5-311FA1D53A74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA241214-2F05-4360-9B50-385355E29CF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_3650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7814FA61-CAF1-46DE-9D84-CEBE6480EA03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_3850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "005F5347-A5E6-4954-ACAB-E4DF29119724",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_8200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9EABE0-5FB0-4277-A389-87732E750B7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_8300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72BBF8E8-7AD9-46B8-8B02-F0DB1F95E1CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_8500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A82CE19-C3C4-4FAD-A1B3-AB91EDB61591",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_8500l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04AB61E9-0148-495E-BD21-64D52DE60A6C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4A5C56-0D08-4423-AEBD-33EDF172FCF9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0972076B-5C87-44B3-90EC-4C200B89318A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "737F22AB-C5A9-4A18-BA3D-38A222491397",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "176ACF88-6112-4179-8492-50C50577B300",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FC868-0B38-4F24-BA40-87966FF80AB7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C19A801D-02D7-40B0-88E8-FE7BA8630E60",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A48E6CF0-7A3B-4D11-8D02-0CD38F2420E9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_cg418-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25CE5302-0BA9-4155-A68B-3CD735F64A9F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_cg522-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "405B9D5D-09E9-48D9-A164-04A6DCE41482",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_ess9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A80AB4A-A121-4777-BD99-62D658A3DE22",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_ie3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EACA55A5-4E73-4187-96BE-08E04F2C7659",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_ie3300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8E31CB8F-60FF-4D03-BE8C-824ECE967797",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_ie3400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8E319D-5AE5-4074-9DAF-4B65F3B3CEE5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_ie9300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF0025D-8DE1-437D-9A4E-72C3AC6B46CD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:cloud_services_router_1000v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCB8270-A01D-40A6-BF4B-26BAF65E68F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:esr3300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D07773DC-24E0-4651-A98B-9CD54419F4D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:esr6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44D19136-4ECB-437F-BA8A-E2FE35A39BF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades en el entorno de alojamiento de aplicaciones Cisco IOx en varias plataformas de Cisco podr\u00edan permitir a un atacante inyectar comandos arbitrarios en el sistema operativo del host subyacente, ejecutar c\u00f3digo arbitrario en el sistema operativo del host subyacente, instalar aplicaciones sin estar autenticado o conducir un ataque de tipo cross-site scripting (XSS) contra un usuario del software afectado. Para m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso"
}
],
"id": "CVE-2022-20677",
"lastModified": "2024-11-21T06:43:17.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-15T15:15:12.413",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "ykramarz@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}