CVE-2022-20865 — Vulnetix

CVE-2022-20865 PUBLISHED CVSS 6.699999809265137 MEDIUM

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

EPSS 0.22% · 44.2th percentile

Risk Scores

CVSS 3.1

6.699999809265137

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.22%

44.2th percentile

Affected Products

Vendor	Product	Versions
cisco	firepower_4120_firmware
cisco	firepower_9300_sm-56_x_3_firmware
cisco	firepower_4150_firmware
cisco	firepower_9300_sm-48_firmware
cisco	firepower_4145_firmware
cisco	firepower_4110_firmware
cisco	firepower_4125_firmware
cisco	firepower_4112_firmware
cisco	firepower_9300_sm-56_firmware
cisco	firepower_9300_sm-40_firmware
Cisco	Cisco Firepower Extensible Operating System (FXOS)	*
cisco	firepower_4140_firmware
cisco	firepower_4115_firmware

Exploit Intelligence

20220824 Cisco FXOS Software Command Injection Vulnerability (circl)

Timeline

Aug 25, 2022 CVE Published
Aug 26, 2022 EPSS Score
Oct 11, 2022 EPSS Score
Nov 25, 2022 EPSS Score
Jan 10, 2023 EPSS Score
Feb 24, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 11, 2023 EPSS Score
May 27, 2023 EPSS Score
Jul 11, 2023 EPSS Score
Aug 26, 2023 EPSS Score
Oct 11, 2023 EPSS Score

References

20220824 Cisco FXOS Software Command Injection Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-20865 advisory

Open in Interactive Console →