Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-20855

Опубликовано: 30 сент. 2022
Источник: nvd
CVSS3: 7.9
CVSS3: 6.7
EPSS Низкий

Описание

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:catalyst_9105:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9105axi:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9105axw:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9115:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9115_ap:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9115axe:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9115axi:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9117:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9117_ap:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9117axi:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9120:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9120_ap:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9120axe:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9120axi:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9120axp:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9124:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9124axd:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9124axi:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9130_ap:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9130axe:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9130axi:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9800:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*

EPSS

Процентиль: 42%
0.00198
Низкий

7.9 High

CVSS3

6.7 Medium

CVSS3

Дефекты

CWE-266
CWE-78

Связанные уязвимости

github логотип

GHSA-mxx7-xwrv-x9hr

CVSS3: 6.7
github
больше 3 лет назад

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.

fstec логотип

BDU:2023-00304

CVSS3: 7.9
fstec
больше 3 лет назад

Уязвимость интерфейса командной строки (CLI) операционных систем Cisco IOS XE сетевых устройств Cisco Catalyst 9000 Series связана с ошибками присваивания привилегий, позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 42%
0.00198
Низкий

7.9 High

CVSS3

6.7 Medium

CVSS3

Дефекты

CWE-266
CWE-78