VDB
CVE-2022-20650
CVE-2022-20650
PUBLISHED
CVSS 8.800000190734863 HIGH
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default.
EPSS 3.46% · 87.8th percentile
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
3.46%
87.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | nx-os | 10.2\(1.72\), 7.3\(8\)n1\(0.4\) |
| Cisco | Cisco NX-OS Software | n/a |
Exploit Intelligence
Timeline
- Feb 23, 2022 CVE Published
- Feb 24, 2022 EPSS Score
- Apr 17, 2022 EPSS Score
- Jul 31, 2022 EPSS Score
- Sep 21, 2022 EPSS Score
- Jan 2, 2023 EPSS Score
- Feb 23, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Jun 7, 2023 EPSS Score
- Jul 29, 2023 EPSS Score
- Sep 19, 2023 EPSS Score
- Jan 1, 2024 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cfsoip-dos-tpykyDr advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-bfd-dos-wGQXrzxn advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-20650 advisory