gsd-2022-20718
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2022-20718",
    "description": "Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.",
    "id": "GSD-2022-20718"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-20718"
      ],
      "details": "Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.",
      "id": "GSD-2022-20718",
      "modified": "2023-12-13T01:19:16.661038Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2022-04-13T16:00:00",
        "ID": "CVE-2022-20718",
        "STATE": "PUBLIC",
        "TITLE": "Cisco IOx Application Hosting Environment Vulnerabilities"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco IOS ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
        }
      ],
      "impact": {
        "cvss": {
          "baseScore": "5.5",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N ",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-22"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20220413 Cisco IOx Application Hosting Environment Vulnerabilities",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
          },
          {
            "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-px2c-q384-5wxc",
            "refsource": "MISC",
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-px2c-q384-5wxc"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-iox-yuXQ6hFj",
        "defect": [
          [
            "CSCvx27640",
            "CSCvy16608",
            "CSCvy30903",
            "CSCvy30957",
            "CSCvy35913",
            "CSCvy35914",
            "CSCvy86583",
            "CSCvy86598",
            "CSCvy86602",
            "CSCvy86603",
            "CSCvy86604",
            "CSCvy86608"
          ]
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "296636F1-9242-429B-8472-90352C056106",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "77993343-0394-413F-ABF9-C1215E9AD800",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "283971DD-DD58-4A76-AC2A-F316534ED416",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A8F324A5-4830-482E-A684-AB3B6594CEAE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E8120196-8648-49D0-8262-CD4C9C90C37A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "33E7CCE2-C685-4019-9B55-B3BECB3E5F76",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0699DD6E-BA74-4814-93AB-300329C9D032",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C2E2D781-2684-45F1-AC52-636572A0DCA8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "479FB47B-AF2E-4FCB-8DE0-400BF325666C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DF2B4C78-5C31-4F3D-9639-305E15576E79",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.9:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2C09F0A2-B21F-40ED-A6A8-9A29D6E1C6A8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.10:*:*:*:*:*:*:*",
                    "matchCriteriaId": "32BA13F4-EF9C-4368-B8B1-9FD9FAF5CEFF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.11:*:*:*:*:*:*:*",
                    "matchCriteriaId": "13CB889F-B064-4CAC-99AC-903745ACA566",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "77E8AF15-AB46-4EAB-8872-8C55E8601599",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "957318BE-55D4-4585-AA52-C813301D01C3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8F11B703-8A0F-47ED-AA70-951FF78B94A4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FE7B2557-821D-4E05-B5C3-67192573D97D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5EE6EC32-51E4-43A3-BFB9-A0D842D08E87",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*",
                    "matchCriteriaId": "187F699A-AF2F-42B0-B855-27413140C384",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7E0B905E-4D92-4FD6-B2FF-41FF1F59A948",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "62EDEC28-661E-42EF-88F0-F62D0220D2E5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F821EBD7-91E2-4460-BFAF-18482CF6CB8C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E36D2D24-8F63-46DE-AC5F-8DE33332EBC6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C9B825E6-5929-4890-BDBA-4CF4BD2314C9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "65020120-491D-46CD-8C73-974B6F4C11E6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7ADDCD0A-6168-45A0-A885-76CC70FE2FC7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.4s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3F35C623-6043-43A6-BBAA-478E185480CF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D83E34F4-F4DD-49CC-9C95-93F9D4D26B42",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D2833EAE-94C8-4279-A244-DDB6E2D15DC2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.5b:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4B688E46-5BAD-4DEC-8B13-B184B141B169",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8C8F50DB-3A80-4D89-9F7B-86766D37338B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DBFC70A2-87BC-4898-BCF3-57F7B1DD5F10",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.7a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3F13F583-F645-4DF0-A075-B4F19D71D128",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CB8DA556-ABF3-48D0-95B8-E57DBE1B5A09",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.9:*:*:*:*:*:*:*",
                    "matchCriteriaId": "01B53828-C520-4845-9C14-6C7D50EAA3A8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.6.10:*:*:*:*:*:*:*",
                    "matchCriteriaId": "20F23DB7-6F8E-470A-9B43-0ACEEF331C38",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "623BF701-ADC9-4F24-93C5-043A6A7FEF5F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E5311FBE-12BF-41AC-B8C6-D86007834863",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.1b:*:*:*:*:*:*:*",
                    "matchCriteriaId": "52FB055E-72F9-4CB7-A51D-BF096BD1A55D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0FBD681F-7969-42BE-A47E-7C287755DCB5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "98255E6F-3056-487D-9157-403836EFB9D3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.7.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "521ACFB0-4FB2-44DB-AD7B-C27F9059DE66",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "57D4F634-03D5-4D9F-901C-7E9CE45F2F38",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4463A1D1-E169-4F0B-91B2-FA126BB444CB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D97F69C3-CAA6-491C-A0B6-6DC12B5AB472",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CDD58C58-1B0C-4A71-8C02-F555CEF9C253",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1d:*:*:*:*:*:*:*",
                    "matchCriteriaId": "96852D16-AF50-4C70-B125-D2349E6765D7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1e:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A15B882A-BA60-4932-A55E-F4A798B30EEB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5C9C585C-A6EC-4385-B915-046C110BF95F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5EC2EE60-4A07-4D92-B9BC-BF07CF4F2BE9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "47DBE4ED-1CD8-4134-9B33-17A91F44F17B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "119A964D-ABC8-424D-8097-85B832A833BD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0375BF9E-D04B-4E5B-9051-536806ECA44E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2266E5A2-B3F6-4389-B8E2-42CB845EC7F9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1c:*:*:*:*:*:*:*",
                    "matchCriteriaId": "012A6CF7-9104-4882-9C95-E6D4458AB778",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1d:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5AF5214D-9257-498F-A3EB-C4EC18E2FEB2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "78DE7780-4E8B-4BB6-BDEB-58032EC65851",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F29CEE37-4044-4A3C-9685-C9C021FD346A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3DC5BB06-100F-42C9-8CEB-CC47FD26DDF3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.2s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5292764A-7D1C-4E04-86EF-809CB68EDD25",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E1FDA817-3A50-4B9E-8F4E-F613BDB3E9EE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1E16D266-108F-4F8A-998D-F1CA25F2EAAD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3h:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F84AE35F-D016-4B8F-8FE2-C2ACB200DFED",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.3s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "41D55481-C80E-4400-9C3D-9F6B1F7F13CE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E4BF9829-F80E-4837-A420-39B291C4E17B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.4c:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D07F9539-CFBE-46F7-9F5E-93A68169797D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F5AB80E7-0714-44ED-9671-12C877B36A1E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.5f:*:*:*:*:*:*:*",
                    "matchCriteriaId": "10182B94-6831-461E-B0FC-9476EAB6EBEF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "961F8312-31B9-44E7-8858-EF8E2134F447",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3D62EE1B-9A59-406C-B7DF-91B495F3ECFE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.9.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "79CF8D4E-F82A-469C-A8C2-0C203A800A05",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DB6BD18B-B9BD-452F-986E-16A6668E46B6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D136D2BC-FFB5-4912-A3B1-BD96148CB9A5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A22256FE-431C-4AD9-9E7F-7EAC2D81B1B7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1c:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5CD5B3AB-27C2-4055-A3B7-0112D089FDA4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1d:*:*:*:*:*:*:*",
                    "matchCriteriaId": "04081A51-E08F-4114-9276-584E836181D3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*",
                    "matchCriteriaId": "ADED0D82-2A4D-4235-BFAC-5EE2D862B652",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1f:*:*:*:*:*:*:*",
                    "matchCriteriaId": "62A46516-CEB7-48D4-879B-341963A1FA31",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1g:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D6EF98FA-6DF9-4935-9639-143E08462BC4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "763664F5-E6CD-4936-B2F8-C5E2D5EA7BB6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0A443E93-6C4B-4F86-BA7C-7C2A929E795A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6ECEDD9D-6517-44BA-A95F-D1D5488C0E41",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E91F8704-6DAD-474A-84EA-04E4AF7BB9B1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "314C7763-A64D-4023-9F3F-9A821AE4151F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5820D71D-FC93-45AA-BC58-A26A1A39C936",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1c:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FC1C85DD-69CC-4AA8-B219-651D57FC3506",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DB26AE0F-85D8-4EAB-B9BD-457DD81FF0FE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B53E377A-0296-4D7A-B97C-576B0026543D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C98DED36-D4B5-48D6-964E-EEEE97936700",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CD98C9E8-3EA6-4160-970D-37C389576516",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C8BEFEDA-B01A-480B-B03D-7ED5D08E4B67",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9027A528-2588-4C06-810B-5BB313FE4323",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7745ED34-D59D-49CC-B174-96BCA03B3374",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1w:*:*:*:*:*:*:*",
                    "matchCriteriaId": "19AF4CF3-6E79-4EA3-974D-CD451A192BA9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1x:*:*:*:*:*:*:*",
                    "matchCriteriaId": "313BD54C-073C-4F27-82D5-C99EFC3A20F7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.1y:*:*:*:*:*:*:*",
                    "matchCriteriaId": "93B96E01-3777-4C33-9225-577B469A6CE5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E5019B59-508E-40B0-9C92-2C26F58E2FBE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "443D78BA-A3DA-4D1F-A4DF-2F426DC6B841",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1986DB1F-AD0A-42FE-8EC8-F18BA1AD4F99",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.2t:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3C6FB4DC-814D-49D2-BBE2-3861AE985A1C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D5750264-2990-4942-85F4-DB9746C5CA2B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "02352FD8-2A7B-41BD-9E4A-F312ABFDF3EF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B9173AD6-6658-4267-AAA7-D50D0B657528",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7F02EE9D-45B1-43D6-B05D-6FF19472216B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1C1DBBCD-4C5A-43BB-8FB0-6F1AF99ED0D2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8FCB9440-F470-45D1-AAFA-01FB5D76B600",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.5a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3F66ECFE-B631-47AE-995F-024A4E586A85",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E306B09C-CB48-4067-B60C-5F738555EEAC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CD446C51-E713-4E46-8328-0A0477D140D2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4FF0DD16-D76A-45EA-B01A-20C71AEFA3B4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4BDD0CEC-4A19-438D-B2A1-8664A1D8F3C4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.1.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "89369318-2E83-489F-B872-5F2E247BBF8F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8B4D4659-A304-459F-8AB3-ED6D84B44C0F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4B7EE7C7-D6C1-4C35-8C80-EAF3FC7E7EFA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B51FA707-8DB1-4596-9122-D4BFEF17F400",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C04DF35A-1B6F-420A-8D84-74EB41BF3700",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*",
                    "matchCriteriaId": "211CC9B2-6108-4C50-AB31-DC527C43053E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "75CCB5F1-27F5-4FF9-8389-0A9ABCF7F070",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "08DCCBA3-82D2-4444-B5D3-E5FC58D024F9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "128F95D7-E49F-4B36-8F47-823C0298449E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E21B3881-37E9-4C00-9336-12C9C28D1B61",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2B270A04-9961-4E99-806B-441CD674AFBD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1360069D-0358-4746-8C3F-44C2A40988D7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C5DD2403-113B-4100-8BD4-90E1927E6648",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.3a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A35FFA44-9A59-4C20-9D86-C40B68BD5F77",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DAF73937-BCE2-4BEF-B4B0-83212DA4A6C8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2DDB1E60-C2A9-4570-BE80-F3D478A53738",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9841799A-87E2-46AE-807A-824981EAB35A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0CEF022B-271F-4017-B74B-82748D5EBA01",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5A6B707B-4543-41F1-83DF-49A93BF56FB1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DC8F611B-D347-4A21-90E6-56CF4D8A35A3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D9A92CE4-B4B0-4C14-AE11-8DFE511406F3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1c:*:*:*:*:*:*:*",
                    "matchCriteriaId": "298C82F9-79A6-4DB7-8432-8B3A6DA39620",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "274E3E6F-4280-4EAE-B102-1BE57FE1F1D2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "46B52A51-51DB-4A12-AB1D-8D9605226599",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "938B0720-8CA7-43BA-9708-5CE9EC7A565A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D4BE7166-DBD3-4CE6-A14A-725FE896B85E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4DE62C4B-7C06-4907-BADE-416C1618D2D9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0C60DF3F-DBD9-4BBF-812E-4BB0C47BDF3C",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory."
          },
          {
            "lang": "es",
            "value": "M\u00faltiples vulnerabilidades en el entorno de alojamiento de aplicaciones Cisco IOx en varias plataformas de Cisco podr\u00edan permitir a un atacante inyectar comandos arbitrarios en el sistema operativo anfitri\u00f3n subyacente, ejecutar c\u00f3digo arbitrario en el sistema operativo anfitri\u00f3n subyacente, instalar aplicaciones sin ser autenticado o conducir un ataque de tipo cross-site scripting (XSS) contra un usuario del software afectado. Para m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Details de este aviso"
          }
        ],
        "id": "CVE-2022-20718",
        "lastModified": "2024-02-07T18:42:35.030",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 8.0,
              "impactScore": 10.0,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.2,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.2,
              "impactScore": 4.2,
              "source": "ykramarz@cisco.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2022-04-15T15:15:13.163",
        "references": [
          {
            "source": "ykramarz@cisco.com",
            "tags": [
              "Exploit",
              "Third Party Advisory"
            ],
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-px2c-q384-5wxc"
          },
          {
            "source": "ykramarz@cisco.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj"
          }
        ],
        "sourceIdentifier": "ykramarz@cisco.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-78"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-22"
              }
            ],
            "source": "ykramarz@cisco.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.