VDB

CVE-2022-20655

CVE-2022-20655 · PUBLISHED · CVSS 8.8 HIGH

A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root.

EPSS 0.40% · 61.1th percentile

Risk Scores

CVSS 3.1: 8.8
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score: 0.40% (61.1th percentile)

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Catalyst SD-WAN | N/A |
| Cisco | Cisco IOS XE Catalyst SD-WAN | N/A |
| cisco | catalyst_sd-wan_manager | 19.2.0, 0 |
| cisco | ios_xr_software | 0, 7.1.0 |
| cisco | virtual_topology_system | 0 |
| Cisco | Cisco Catalyst SD-WAN Manager | N/A |
| cisco | carrier_packet_transport | 0 |
| Cisco | Cisco Network Services Orchestrator | N/A |
| Cisco | Cisco SD-WAN vEdge Router | N/A |
| Cisco | Cisco Enterprise NFV Infrastructure Software | N/A |
| cisco | ios_xe_catalyst_sd-wan | 17.2.0, 0, 16.12.0 |
| Cisco | Cisco Ultra Gateway Platform | N/A |
| cisco | network_services_orchestrator | 4.6.0, 5.1.0, 4.5.0 |
| cisco | enterprise_nfv_infrastructure_software | 0 |
| Cisco | Cisco Carrier Packet Transport | 1.0.2, 1.1.1, 1.1.2 |
| Cisco | Cisco IOS XR Software | * |
| Cisco | Cisco Virtual Topology System (VTS) | N/A |
| cisco | sd-wan_vedge_router | 0, 19.2.0 |

Timeline

  • Jan 20, 2022 CVE Published
  • Jan 21, 2022 CVE Updated
  • Nov 16, 2024 EPSS Score
  • Dec 5, 2024 EPSS Score
  • Dec 22, 2024 EPSS Score
  • Jan 9, 2025 EPSS Score
  • Jan 26, 2025 EPSS Score
  • Feb 13, 2025 EPSS Score
  • Mar 3, 2025 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 20, 2025 EPSS Score
  • Apr 7, 2025 EPSS Score