FKIE_CVE-2022-20865

Vulnerability from fkie_nvd - Published: 2022-08-25 19:15 - Updated: 2024-11-21 06:43
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
References
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNHVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNHVendor Advisory
Impacted products
Vendor Product Version
cisco firepower_4110_firmware -
cisco firepower_4110 -
cisco firepower_4112_firmware -
cisco firepower_4112 -
cisco firepower_4115_firmware -
cisco firepower_4115 -
cisco firepower_4120_firmware -
cisco firepower_4120 -
cisco firepower_4125_firmware -
cisco firepower_4125 -
cisco firepower_4140_firmware -
cisco firepower_4140 -
cisco firepower_4145_firmware -
cisco firepower_4145 -
cisco firepower_4150_firmware -
cisco firepower_4150 -
cisco firepower_9300_sm-40_firmware -
cisco firepower_9300_sm-40 -
cisco firepower_9300_sm-48_firmware -
cisco firepower_9300_sm-48 -
cisco firepower_9300_sm-56_firmware -
cisco firepower_9300_sm-56 -
cisco firepower_9300_sm-56_x_3_firmware -
cisco firepower_9300_sm-56_x_3 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_4110_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6417E0C-87B6-4C3B-B8A5-FC1C232E188E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0CBC7F5-7767-43B6-9384-BE143FCDBD7F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_4112_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8848D88-7FE6-43C7-804A-0C4CD3914E8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "957D64EB-D60E-4775-B9A8-B21CA48ED3B1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_4115_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E47E6035-3C82-4540-A582-0F6A3205AC8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A694AD51-9008-4AE6-8240-98B17AB527EE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_4120_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24A01DF-056B-456B-ACC7-D5C2940996B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38AE6DC0-2B03-4D36-9856-42530312CC46",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_4125_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F8C83C-935A-46A6-882F-0622E92568AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71DCEF22-ED20-4330-8502-EC2DD4C9838F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_4140_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "24679CC8-00D9-4DD7-A47B-F8DEB7E2A735",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DB2822B-B752-4CD9-A178-934957E306B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_4145_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "265955A5-3285-4697-8E37-4D8F75C05E41",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F4868A-6D62-479C-9C19-F9AABDBB6B24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_4150_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "769776E9-4463-4F32-88FE-FA69C96D2070",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65378F3A-777C-4AE2-87FB-1E7402F9EA1B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_9300_sm-40_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D298677-4811-4B59-9BB5-EC4238C2D34D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_9300_sm-40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C13CF29B-9308-452B-B7E0-9E818B5A6C1E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_9300_sm-48_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDE0F62-6A72-4C31-92B4-C05076FED460",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_9300_sm-48:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "421D91C3-8AB3-45E1-9E55-13ED1A4A623E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_9300_sm-56_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3168126C-C51A-4529-9186-54E107C722C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_9300_sm-56:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D741945-8B0A-408D-A5FE-D5B38DC6D46A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:firepower_9300_sm-56_x_3_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7341633B-2D7F-42E4-A07E-41E19FB2D682",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:firepower_9300_sm-56_x_3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9308CA67-E949-4338-A890-22B3C4428D70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la CLI del software Cisco FXOS podr\u00eda permitir a un atacante local autenticado inyectar comandos arbitrarios que son ejecutados con privilegios de root. El atacante necesitar\u00eda tener privilegios de administrador en el dispositivo. Esta vulnerabilidad es debido a una comprobaci\u00f3n de entrada insuficiente de los comandos suministrados por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad al autenticarse en un dispositivo y enviando una entrada dise\u00f1ada para el comando afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar comandos en el sistema operativo subyacente con privilegios de root."
    }
  ],
  "id": "CVE-2022-20865",
  "lastModified": "2024-11-21T06:43:42.747",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-25T19:15:08.273",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.