ID

VAR-202204-1039


CVE

CVE-2022-20676


TITLE

Cisco IOS XE  Input validation vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2022-009566

DESCRIPTION

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15. Cisco IOS XE The software contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco IOS XE is an operating system developed by Cisco for its network equipment

Trust: 1.8

sources: NVD: CVE-2022-20676 // JVNDB: JVNDB-2022-009566 // VULHUB: VHN-405229 // VULMON: CVE-2022-20676

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:17.4.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.5.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.5.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1r

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1w

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.4c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.4

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:16.12.1z2

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1x

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.1c

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.3a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.3

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.1b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.4a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1z

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.2a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.4b

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1v

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.3.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.5.1

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.1a

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.2.2

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ios xescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-009566 // NVD: CVE-2022-20676

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20676
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20676
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20676
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202204-3307
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405229
value: HIGH

Trust: 0.1

VULMON: CVE-2022-20676
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20676
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405229
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20676
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20676
baseSeverity: MEDIUM
baseScore: 5.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-20676
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405229 // VULMON: CVE-2022-20676 // JVNDB: JVNDB-2022-009566 // CNNVD: CNNVD-202204-3307 // NVD: CVE-2022-20676 // NVD: CVE-2022-20676

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-250

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405229 // JVNDB: JVNDB-2022-009566 // NVD: CVE-2022-20676

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3307

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3307

PATCH

title:cisco-sa-iosxe-priv-esc-grbtubUurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-grbtubU

Trust: 0.8

title:Cisco: Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iosxe-priv-esc-grbtubU

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20676 // JVNDB: JVNDB-2022-009566

EXTERNAL IDS

db:NVDid:CVE-2022-20676

Trust: 3.4

db:JVNDBid:JVNDB-2022-009566

Trust: 0.8

db:CS-HELPid:SB2022041414

Trust: 0.6

db:CNNVDid:CNNVD-202204-3307

Trust: 0.6

db:CNVDid:CNVD-2022-55149

Trust: 0.1

db:VULHUBid:VHN-405229

Trust: 0.1

db:VULMONid:CVE-2022-20676

Trust: 0.1

sources: VULHUB: VHN-405229 // VULMON: CVE-2022-20676 // JVNDB: JVNDB-2022-009566 // CNNVD: CNNVD-202204-3307 // NVD: CVE-2022-20676

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxe-priv-esc-grbtubu

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-20676

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20676/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041414

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ios-xe-privilege-escalation-via-tool-command-language-38055

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405229 // VULMON: CVE-2022-20676 // JVNDB: JVNDB-2022-009566 // CNNVD: CNNVD-202204-3307 // NVD: CVE-2022-20676

SOURCES

db:VULHUBid:VHN-405229
db:VULMONid:CVE-2022-20676
db:JVNDBid:JVNDB-2022-009566
db:CNNVDid:CNNVD-202204-3307
db:NVDid:CVE-2022-20676

LAST UPDATE DATE

2024-08-14T13:42:53.686000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405229date:2022-10-27T00:00:00
db:VULMONid:CVE-2022-20676date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-009566date:2023-08-07T07:35:00
db:CNNVDid:CNNVD-202204-3307date:2022-04-26T00:00:00
db:NVDid:CVE-2022-20676date:2024-03-06T15:24:05.660

SOURCES RELEASE DATE

db:VULHUBid:VHN-405229date:2022-04-15T00:00:00
db:VULMONid:CVE-2022-20676date:2022-04-15T00:00:00
db:JVNDBid:JVNDB-2022-009566date:2023-08-07T00:00:00
db:CNNVDid:CNNVD-202204-3307date:2022-04-13T00:00:00
db:NVDid:CVE-2022-20676date:2022-04-15T15:15:12.353