Details of VAR-202202-1727

ID

VAR-202202-1727

CVE

CVE-2022-20750

TITLE

Cisco StarOS for Cisco Redundancy Configuration Manager Input validation vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2022-005867

DESCRIPTION

A vulnerability in the checkpoint manager implementation of Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software could allow an unauthenticated, remote attacker to cause the checkpoint manager process to restart upon receipt of malformed TCP data. This vulnerability is due to improper input validation of an ingress TCP packet. An attacker could exploit this vulnerability by sending crafted TCP data to the affected application. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the checkpoint manager process restarting. Cisco StarOS is a set of virtualization operating system of Cisco (Cisco)

Trust: 1.8

sources: NVD: CVE-2022-20750 // JVNDB: JVNDB-2022-005867 // VULHUB: VHN-405303 // VULMON: CVE-2022-20750

AFFECTED PRODUCTS

vendor:	cisco	model:	redundancy configuration manager	scope:	lt	version:	21.24.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco redundancy configuration manager	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco redundancy configuration manager	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-005867 // NVD: CVE-2022-20750

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20750
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20750
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20750
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202202-1314
value:	HIGH
Trust: 0.6
VULHUB:	VHN-405303
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-20750
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-20750
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405303
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20750
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20750
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20750
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405303 // VULMON: CVE-2022-20750 // JVNDB: JVNDB-2022-005867 // CNNVD: CNNVD-202202-1314 // NVD: CVE-2022-20750 // NVD: CVE-2022-20750

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-405303 // JVNDB: JVNDB-2022-005867 // NVD: CVE-2022-20750

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-1314

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202202-1314

PATCH

title:	cisco-sa-rcm-tcp-dos-2Wh8XjAQ	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-tcp-dos-2Wh8XjAQ	Trust: 0.8
title:	Cisco StarOS Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183897	Trust: 0.6
title:	Cisco: Cisco Redundancy Configuration Manager for Cisco StarOS Software TCP Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rcm-tcp-dos-2Wh8XjAQ	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20750 // JVNDB: JVNDB-2022-005867 // CNNVD: CNNVD-202202-1314

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20750	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-005867	Trust: 0.8
db:	CS-HELP	id:	SB2022021625	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0690	Trust: 0.6
db:	CNNVD	id:	CNNVD-202202-1314	Trust: 0.6
db:	CNVD	id:	CNVD-2022-13370	Trust: 0.1
db:	VULHUB	id:	VHN-405303	Trust: 0.1
db:	VULMON	id:	CVE-2022-20750	Trust: 0.1

sources: VULHUB: VHN-405303 // VULMON: CVE-2022-20750 // JVNDB: JVNDB-2022-005867 // CNNVD: CNNVD-202202-1314 // NVD: CVE-2022-20750

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rcm-tcp-dos-2wh8xjaq	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20750	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2022.0690	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022021625	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405303 // VULMON: CVE-2022-20750 // JVNDB: JVNDB-2022-005867 // CNNVD: CNNVD-202202-1314 // NVD: CVE-2022-20750

SOURCES

db:	VULHUB	id:	VHN-405303
db:	VULMON	id:	CVE-2022-20750
db:	JVNDB	id:	JVNDB-2022-005867
db:	CNNVD	id:	CNNVD-202202-1314
db:	NVD	id:	CVE-2022-20750

LAST UPDATE DATE

2024-11-23T23:10:57.094000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405303	date:	2022-02-25T00:00:00
db:	VULMON	id:	CVE-2022-20750	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-005867	date:	2023-06-16T02:27:00
db:	CNNVD	id:	CNNVD-202202-1314	date:	2022-03-03T00:00:00
db:	NVD	id:	CVE-2022-20750	date:	2024-11-21T06:43:28.550

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405303	date:	2022-02-17T00:00:00
db:	VULMON	id:	CVE-2022-20750	date:	2022-02-17T00:00:00
db:	JVNDB	id:	JVNDB-2022-005867	date:	2023-06-16T00:00:00
db:	CNNVD	id:	CNNVD-202202-1314	date:	2022-02-16T00:00:00
db:	NVD	id:	CVE-2022-20750	date:	2022-02-17T15:15:09.517