Details of VAR-202204-1039

ID

VAR-202204-1039

CVE

CVE-2022-20676

TITLE

Cisco IOS XE Input validation vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2022-009566

DESCRIPTION

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15. Cisco IOS XE The software contains an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Cisco IOS XE is an operating system developed by Cisco for its network equipment

Trust: 1.8

sources: NVD: CVE-2022-20676 // JVNDB: JVNDB-2022-009566 // VULHUB: VHN-405229 // VULMON: CVE-2022-20676

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.5.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.5.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1r	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1w	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.4c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.12.1z2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1x	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.4a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1z	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.2a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.4b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1v	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.5.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.2.2	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009566 // NVD: CVE-2022-20676

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20676
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20676
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20676
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202204-3307
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-405229
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-20676
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-20676
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405229
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20676
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20676
baseSeverity:	MEDIUM
baseScore:	5.1
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20676
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405229 // VULMON: CVE-2022-20676 // JVNDB: JVNDB-2022-009566 // CNNVD: CNNVD-202204-3307 // NVD: CVE-2022-20676 // NVD: CVE-2022-20676

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	CWE-250	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-405229 // JVNDB: JVNDB-2022-009566 // NVD: CVE-2022-20676

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3307

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202204-3307

PATCH

title:	cisco-sa-iosxe-priv-esc-grbtubU	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-grbtubU	Trust: 0.8
title:	Cisco: Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iosxe-priv-esc-grbtubU	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20676 // JVNDB: JVNDB-2022-009566

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20676	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009566	Trust: 0.8
db:	CS-HELP	id:	SB2022041414	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3307	Trust: 0.6
db:	CNVD	id:	CNVD-2022-55149	Trust: 0.1
db:	VULHUB	id:	VHN-405229	Trust: 0.1
db:	VULMON	id:	CVE-2022-20676	Trust: 0.1

sources: VULHUB: VHN-405229 // VULMON: CVE-2022-20676 // JVNDB: JVNDB-2022-009566 // CNNVD: CNNVD-202204-3307 // NVD: CVE-2022-20676

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxe-priv-esc-grbtubu	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20676	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-20676/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041414	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ios-xe-privilege-escalation-via-tool-command-language-38055	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405229 // VULMON: CVE-2022-20676 // JVNDB: JVNDB-2022-009566 // CNNVD: CNNVD-202204-3307 // NVD: CVE-2022-20676

SOURCES

db:	VULHUB	id:	VHN-405229
db:	VULMON	id:	CVE-2022-20676
db:	JVNDB	id:	JVNDB-2022-009566
db:	CNNVD	id:	CNNVD-202204-3307
db:	NVD	id:	CVE-2022-20676

LAST UPDATE DATE

2024-08-14T13:42:53.686000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405229	date:	2022-10-27T00:00:00
db:	VULMON	id:	CVE-2022-20676	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-009566	date:	2023-08-07T07:35:00
db:	CNNVD	id:	CNNVD-202204-3307	date:	2022-04-26T00:00:00
db:	NVD	id:	CVE-2022-20676	date:	2024-03-06T15:24:05.660

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405229	date:	2022-04-15T00:00:00
db:	VULMON	id:	CVE-2022-20676	date:	2022-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-009566	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202204-3307	date:	2022-04-13T00:00:00
db:	NVD	id:	CVE-2022-20676	date:	2022-04-15T15:15:12.353