Description

A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root.

INFO

Published Date: 2024-11-15T15:56:42.927Z

Last Modified: 2024-11-15T21:00:58.460Z

Source: cisco

AFFECTED PRODUCTS

The following products are affected by the CVE-2022-20655 vulnerability.

Vendor: Cisco

Products:
  • Carrier Packet Transport
  • Catalyst SD-WAN Manager
  • Enterprise NFV Infrastructure Software
  • IOS XE Catalyst SD-WAN
  • IOS XR Software
  • Network Services Orchestrator
  • SD-WAN vEdge Router
  • Virtual Topology System

CVSS Vulnerability Scoring System

CVSS vector chart (metric values not preserved): Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact.