Details of VAR-202204-0266

ID

VAR-202204-0266

CVE

CVE-2022-20725

TITLE

Cisco IOx Cross-site scripting vulnerabilities in application hosting environments

Trust: 0.8

sources: JVNDB: JVNDB-2022-010806

DESCRIPTION

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Cisco IOx A cross-site scripting vulnerability exists in your application hosting environment.Information may be obtained and information may be tampered with

Trust: 1.71

sources: NVD: CVE-2022-20725 // JVNDB: JVNDB-2022-010806 // VULMON: CVE-2022-20725

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1y	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t0a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.5.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.7a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(1\)t2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m3a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e0b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m6b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.6	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(1\)t3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.4b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.4a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m0b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1d	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1c	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m3b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1c	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.9	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1f	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m3a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m3b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1w	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.4c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1c	Trust: 1.0
vendor:	cisco	model:	ic3000 industrial compute gateway	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m4b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1r	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m6a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.7	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m5	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.5a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.5	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.8	Trust: 1.0
vendor:	cisco	model:	ir510 operating system	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.4c	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m6	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1g	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m0a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m9	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m1	Trust: 1.0
vendor:	cisco	model:	cgr1000 compute module	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.10	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5\)e2c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.5b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.11	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1c	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.11.1b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m8	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e0a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.5b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.3	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e2a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5\)e1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(6\)e1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1z	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.10	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.7.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.6.1a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m7	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.5.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1w	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1x	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1v	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(2\)t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1x	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(1\)t1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.6.1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m5	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(7\)e0s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.8\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m9	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.9	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1b	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m6	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m0a	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m8	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.1d	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.8	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.6\(3\)m3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3h	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.1.1t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.10.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.8.1d	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.7\(3\)m4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.8	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.5f	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.9\(3\)m4a	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ic3000 産業用コンピューティングゲートウェイ	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ir510 wpan	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco cgr1000 コンピュートモジュール	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-010806 // NVD: CVE-2022-20725

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20725
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20725
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20725
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202204-3310
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2022-20725
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-20725
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2022-20725
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20725
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20725
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2022-20725 // JVNDB: JVNDB-2022-010806 // CNNVD: CNNVD-202204-3310 // NVD: CVE-2022-20725 // NVD: CVE-2022-20725

PROBLEMTYPE DATA

problemtype:	CWE-22	Trust: 1.0
problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-010806 // NVD: CVE-2022-20725

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3310

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202204-3310

PATCH

title:	cisco-sa-iox-yuXQ6hFj	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj	Trust: 0.8
title:	Cisco: Cisco IOx Application Hosting Environment Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iox-yuXQ6hFj	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20725 // JVNDB: JVNDB-2022-010806

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20725	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-010806	Trust: 0.8
db:	CS-HELP	id:	SB2022041415	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3310	Trust: 0.6
db:	VULMON	id:	CVE-2022-20725	Trust: 0.1

sources: VULMON: CVE-2022-20725 // JVNDB: JVNDB-2022-010806 // CNNVD: CNNVD-202204-3310 // NVD: CVE-2022-20725

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iox-yuxq6hfj	Trust: 1.8
url:	https://github.com/orangecertcc/security-research/security/advisories/ghsa-q2v9-qpmg-4qc4	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20725	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-20725/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-via-application-hosting-environment-38057	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041415	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULMON: CVE-2022-20725 // JVNDB: JVNDB-2022-010806 // CNNVD: CNNVD-202204-3310 // NVD: CVE-2022-20725

SOURCES

db:	VULMON	id:	CVE-2022-20725
db:	JVNDB	id:	JVNDB-2022-010806
db:	CNNVD	id:	CNNVD-202204-3310
db:	NVD	id:	CVE-2022-20725

LAST UPDATE DATE

2024-08-14T13:53:29.401000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-20725	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-010806	date:	2023-08-17T06:43:00
db:	CNNVD	id:	CNNVD-202204-3310	date:	2023-07-25T00:00:00
db:	NVD	id:	CVE-2022-20725	date:	2023-11-07T03:42:44.517

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-20725	date:	2022-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-010806	date:	2023-08-17T00:00:00
db:	CNNVD	id:	CNNVD-202204-3310	date:	2022-04-13T00:00:00
db:	NVD	id:	CVE-2022-20725	date:	2022-04-15T15:15:13.510