ID

VAR-202204-1620


CVE

CVE-2022-20677


TITLE

Cisco IOS XE Encryption problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202204-3348

DESCRIPTION

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Trust: 0.99

sources: NVD: CVE-2022-20677 // VULMON: CVE-2022-20677

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: 17.6.1

Trust: 1.0

sources: NVD: CVE-2022-20677

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-20677
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202204-3348
value: MEDIUM

Trust: 0.6

VULMON: CVE-2022-20677
value: HIGH

Trust: 0.1

VULMON: CVE-2022-20677
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2022-20677
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2022-20677 // CNNVD: CNNVD-202204-3348 // NVD: CVE-2022-20677

PROBLEMTYPE DATA

problemtype: CWE-326

Trust: 1.0

sources: NVD: CVE-2022-20677

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3348

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202204-3348

CONFIGURATIONS

sources: NVD: CVE-2022-20677

PATCH

title: Cisco: Cisco IOx Application Hosting Environment Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-iox-yuxq6hfj

Trust: 0.1

sources: VULMON: CVE-2022-20677

EXTERNAL IDS

db: NVD, id: CVE-2022-20677

Trust: 1.7

db: CS-HELP, id: SB2022041416

Trust: 0.6

db: CNNVD, id: CNNVD-202204-3348

Trust: 0.6

db: VULMON, id: CVE-2022-20677

Trust: 0.1

sources: VULMON: CVE-2022-20677 // CNNVD: CNNVD-202204-3348 // NVD: CVE-2022-20677

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iox-yuxq6hfj

Trust: 1.8

url: https://www.cybersecurity-help.cz/vdb/sb2022041416

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2022-20677/

Trust: 0.6

url: https://vigilance.fr/vulnerability/cisco-ios-ios-xe-multiple-vulnerabilities-via-application-hosting-environment-38057

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/326.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-20677 // CNNVD: CNNVD-202204-3348 // NVD: CVE-2022-20677

SOURCES

db: VULMON, id: CVE-2022-20677
db: CNNVD, id: CNNVD-202204-3348
db: NVD, id: CVE-2022-20677

LAST UPDATE DATE

2022-05-04T09:08:16.602000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-20677, date: 2022-04-25T00:00:00
db: CNNVD, id: CNNVD-202204-3348, date: 2022-04-26T00:00:00
db: NVD, id: CVE-2022-20677, date: 2022-04-25T15:06:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-20677, date: 2022-04-15T00:00:00
db: CNNVD, id: CNNVD-202204-3348, date: 2022-04-13T00:00:00
db: NVD, id: CVE-2022-20677, date: 2022-04-15T15:15:00