CVE-2022-20652

Summary

A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted HTTP message to the affected system. A successful exploit could allow the attacker to execute commands with root-level privileges. To exploit this vulnerability, an attacker would need valid administrator-level credentials.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Secure Workload2.2.1.41affected
CiscoCisco Secure Workload3.2.1.18affected
CiscoCisco Secure Workload3.3.2.50affected
CiscoCisco Secure Workload3.4.1.28affected
CiscoCisco Secure Workload3.4.1.34affected
CiscoCisco Secure Workload2.3.1.45affected
CiscoCisco Secure Workload2.3.1.41affected
CiscoCisco Secure Workload3.3.2.28affected
CiscoCisco Secure Workload3.1.1.59affected
CiscoCisco Secure Workload2.0.2.20affected
CiscoCisco Secure Workload2.1.1.33affected
CiscoCisco Secure Workload2.1.1.29affected
CiscoCisco Secure Workload3.2.1.28affected
CiscoCisco Secure Workload3.4.1.35affected
CiscoCisco Secure Workload3.1.1.65affected
CiscoCisco Secure Workload3.1.1.67affected
CiscoCisco Secure Workload2.0.1.34affected
CiscoCisco Secure Workload2.3.1.49affected
CiscoCisco Secure Workload2.2.1.39affected
CiscoCisco Secure Workload3.4.1.19affected
CiscoCisco Secure Workload3.3.2.23affected
CiscoCisco Secure Workload3.1.1.61affected
CiscoCisco Secure Workload3.1.1.54affected
CiscoCisco Secure Workload3.5.1.17affected
CiscoCisco Secure Workload3.3.2.33affected
CiscoCisco Secure Workload3.5.1.1affected
CiscoCisco Secure Workload2.3.1.53affected
CiscoCisco Secure Workload3.5.1.20affected
CiscoCisco Secure Workload3.5.1.30affected
CiscoCisco Secure Workload3.3.2.16affected
CiscoCisco Secure Workload3.4.1.6affected
CiscoCisco Secure Workload2.3.1.50affected
CiscoCisco Secure Workload2.3.1.52affected
CiscoCisco Secure Workload3.2.1.19affected
CiscoCisco Secure Workload2.2.1.35affected
CiscoCisco Secure Workload3.1.1.53affected
CiscoCisco Secure Workload3.1.1.70affected
CiscoCisco Secure Workload3.2.1.20affected
CiscoCisco Secure Workload3.5.1.2affected
CiscoCisco Secure Workload1.103.1.12affected
CiscoCisco Secure Workload2.3.1.51affected
CiscoCisco Secure Workload3.3.2.42affected
CiscoCisco Secure Workload3.4.1.1affected
CiscoCisco Secure Workload3.3.2.12affected
CiscoCisco Secure Workload2.1.1.31affected
CiscoCisco Secure Workload3.5.1.23affected
CiscoCisco Secure Workload3.3.2.53affected
CiscoCisco Secure Workload3.4.1.14affected
CiscoCisco Secure Workload3.3.2.2affected
CiscoCisco Secure Workload3.4.1.20affected
CiscoCisco Secure Workload3.3.2.35affected
CiscoCisco Secure Workload1.102.21affected
CiscoCisco Secure Workload3.3.2.5affected

Weaknesses

  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References