
CVE-2022-20693

CVE-2022-20693 · PUBLISHED · CVSS 4.7 MEDIUM

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

EPSS 2.41% · 85.4th percentile

Risk Scores

CVSS 3.1: 4.7
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS Score: 2.41% (85.4th percentile)

Affected Products

Vendor | Product | Versions
Cisco | Cisco IOS XE Software | n/a
cisco | ios_xe | 3.15.1xbs, 3.15.2xbs, 16.12.1a

Timeline

  • Apr 15, 2022 CVE Published
  • Apr 16, 2022 EPSS Score
  • Jun 5, 2022 EPSS Score
  • Jul 26, 2022 EPSS Score
  • Nov 4, 2022 EPSS Score
  • Dec 24, 2022 EPSS Score
  • Feb 12, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • Jul 12, 2023 EPSS Score
  • Aug 31, 2023 EPSS Score
  • Oct 21, 2023 EPSS Score