Details of VAR-202204-0264

ID

VAR-202204-0264

CVE

CVE-2022-20727

TITLE

Cisco IOS XE Software Path traversal vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202204-3308

DESCRIPTION

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory

Trust: 1.08

sources: NVD: CVE-2022-20727 // VULHUB: VHN-405280 // VULMON: CVE-2022-20727

AFFECTED PRODUCTS

vendor:	cisco	model:	ir510 operating system	scope:	lt	version:	6.5.9	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m0b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1r	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.5f	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m6	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m8	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.5a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1x	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m0a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.10	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.9	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e0b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1g	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3h	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1e	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m3a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m9	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1y	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1d	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5\)e1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m3b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.8	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.5	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.9	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m6b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m0a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.4c	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.4	Trust: 1.0
vendor:	cisco	model:	ic3000 industrial compute gateway	scope:	lt	version:	1.4.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m7	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m6a	Trust: 1.0
vendor:	cisco	model:	cgr1000 compute module	scope:	lt	version:	1.15.0.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1c	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.5.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m9	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(1\)t3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(1\)t1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.5.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1d	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1w	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t0a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1z	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.10	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.7a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.4b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1c	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m1b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m4b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1x	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.4a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1v	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.5b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.6.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.4c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m3b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.6.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1f	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(1\)t2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.8	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m8	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.8	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.11	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1w	Trust: 1.0

sources: NVD: CVE-2022-20727

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20727
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20727
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202204-3308
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-405280
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-20727
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-20727
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-405280
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20727
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20727
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	4.2
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-405280 // VULMON: CVE-2022-20727 // CNNVD: CNNVD-202204-3308 // NVD: CVE-2022-20727 // NVD: CVE-2022-20727

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.1

sources: VULHUB: VHN-405280 // NVD: CVE-2022-20727

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3308

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202204-3308

PATCH

title:	Cisco: Cisco IOx Application Hosting Environment Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iox-yuXQ6hFj	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20727

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20727	Trust: 1.8
db:	CS-HELP	id:	SB2022041415	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3308	Trust: 0.6
db:	VULHUB	id:	VHN-405280	Trust: 0.1
db:	VULMON	id:	CVE-2022-20727	Trust: 0.1

sources: VULHUB: VHN-405280 // VULMON: CVE-2022-20727 // CNNVD: CNNVD-202204-3308 // NVD: CVE-2022-20727

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iox-yuxq6hfj	Trust: 1.9
url:	https://cxsecurity.com/cveshow/cve-2022-20727/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-via-application-hosting-environment-38057	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041415	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405280 // VULMON: CVE-2022-20727 // CNNVD: CNNVD-202204-3308 // NVD: CVE-2022-20727

SOURCES

db:	VULHUB	id:	VHN-405280
db:	VULMON	id:	CVE-2022-20727
db:	CNNVD	id:	CNNVD-202204-3308
db:	NVD	id:	CVE-2022-20727

LAST UPDATE DATE

2024-08-14T13:53:29.526000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405280	date:	2022-04-22T00:00:00
db:	VULMON	id:	CVE-2022-20727	date:	2024-01-10T00:00:00
db:	CNNVD	id:	CNNVD-202204-3308	date:	2022-04-24T00:00:00
db:	NVD	id:	CVE-2022-20727	date:	2024-01-10T18:51:52.693

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405280	date:	2022-04-15T00:00:00
db:	VULMON	id:	CVE-2022-20727	date:	2022-04-15T00:00:00
db:	CNNVD	id:	CNNVD-202204-3308	date:	2022-04-13T00:00:00
db:	NVD	id:	CVE-2022-20727	date:	2022-04-15T15:15:13.613