VDB

CVE-2022-20676

CVE-2022-20676 PUBLISHED CVSS 5.099999904632568 MEDIUM

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15.

EPSS 0.06% · 19.0th percentile

Risk Scores

CVSS 3.1
5.099999904632568
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
EPSS Score
0.06%
19.0th percentile

Affected Products

VendorProductVersions
ciscoios_xe16.12.1z2, 17.2.1, 17.2.1a
CiscoCisco IOS XE Softwaren/a

Exploit Intelligence

Timeline

  • Apr 15, 2022 CVE Published
  • Apr 16, 2022 EPSS Score
  • Jun 5, 2022 EPSS Score
  • Jul 26, 2022 EPSS Score
  • Sep 14, 2022 EPSS Score
  • Nov 4, 2022 EPSS Score
  • Dec 24, 2022 EPSS Score
  • Feb 12, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • May 23, 2023 EPSS Score
  • Jul 12, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›