ID

VAR-202205-1576


CVE

CVE-2022-20797


TITLE

OS command injection vulnerability in Cisco Secure Network Analytics

Trust: 0.8

sources: JVNDB: JVNDB-2022-011228

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly. The device may be left in a denial-of-service (DoS) state. Cisco Secure Network Analytics is one of Cisco's most comprehensive visibility and network traffic analysis (NTA) / network detection and response (NDR) solutions, used to provide continuous, real-time monitoring and a pervasive view of all network traffic. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealth-rce-2hYb9KFK Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see Meet Cisco Secure.

Trust: 1.8

sources: NVD: CVE-2022-20797 // JVNDB: JVNDB-2022-011228 // VULHUB: VHN-405350 // VULMON: CVE-2022-20797

AFFECTED PRODUCTS

vendor: cisco, model: secure network analytics, scope: lt, version: 7.4.1

Trust: 1.0

vendor: Cisco Systems, model: cisco secure network analytics, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco secure network analytics, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011228 // NVD: CVE-2022-20797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20797
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20797
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20797
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202205-3743
value: CRITICAL

Trust: 0.6

VULHUB: VHN-405350
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20797
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-405350
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20797
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20797
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2022-20797
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405350 // JVNDB: JVNDB-2022-011228 // CNNVD: CNNVD-202205-3743 // NVD: CVE-2022-20797 // NVD: CVE-2022-20797

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

problemtype: OS command injection (CWE-78) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-405350 // JVNDB: JVNDB-2022-011228 // NVD: CVE-2022-20797

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3743

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202205-3743

PATCH

title: cisco-sa-stealth-rce-2hYb9KFK, url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealth-rce-2hYb9KFK

Trust: 0.8

title: Cisco Secure Network Analytics Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195513

Trust: 0.6

title: Cisco: Cisco Secure Network Analytics Remote Code Execution Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-stealth-rce-2hYb9KFK

Trust: 0.1

sources: VULMON: CVE-2022-20797 // JVNDB: JVNDB-2022-011228 // CNNVD: CNNVD-202205-3743

EXTERNAL IDS

db: NVD, id: CVE-2022-20797

Trust: 3.4

db: JVNDB, id: JVNDB-2022-011228

Trust: 0.8

db: CNNVD, id: CNNVD-202205-3743

Trust: 0.7

db: CS-HELP, id: SB2022051902

Trust: 0.6

db: CNVD, id: CNVD-2022-50668

Trust: 0.1

db: VULHUB, id: VHN-405350

Trust: 0.1

db: VULMON, id: CVE-2022-20797

Trust: 0.1

sources: VULHUB: VHN-405350 // VULMON: CVE-2022-20797 // JVNDB: JVNDB-2022-011228 // CNNVD: CNNVD-202205-3743 // NVD: CVE-2022-20797

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-stealth-rce-2hyb9kfk

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-20797

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022051902

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20797/

Trust: 0.6

sources: VULHUB: VHN-405350 // VULMON: CVE-2022-20797 // JVNDB: JVNDB-2022-011228 // CNNVD: CNNVD-202205-3743 // NVD: CVE-2022-20797

SOURCES

db: VULHUB, id: VHN-405350
db: VULMON, id: CVE-2022-20797
db: JVNDB, id: JVNDB-2022-011228
db: CNNVD, id: CNNVD-202205-3743
db: NVD, id: CVE-2022-20797

LAST UPDATE DATE

2024-11-23T22:24:49.895000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405350, date: 2022-06-09T00:00:00
db: JVNDB, id: JVNDB-2022-011228, date: 2023-08-21T05:44:00
db: CNNVD, id: CNNVD-202205-3743, date: 2022-06-10T00:00:00
db: NVD, id: CVE-2022-20797, date: 2024-11-21T06:43:34.530

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405350, date: 2022-05-27T00:00:00
db: JVNDB, id: JVNDB-2022-011228, date: 2023-08-21T00:00:00
db: CNNVD, id: CNNVD-202205-3743, date: 2022-05-18T00:00:00
db: NVD, id: CVE-2022-20797, date: 2022-05-27T14:15:08.673