CVE-2022-20655
8.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco IOS XR Software | N/A | affected |
| Cisco | Cisco Virtual Topology System (VTS) | N/A | affected |
| Cisco | Cisco Network Services Orchestrator | N/A | affected |
| Cisco | Cisco Enterprise NFV Infrastructure Software | N/A | affected |
| Cisco | Cisco Catalyst SD-WAN | N/A | affected |
| Cisco | Cisco Catalyst SD-WAN Manager | N/A | affected |
| Cisco | Cisco IOS XE Catalyst SD-WAN | N/A | affected |
| Cisco | Cisco SD-WAN vEdge Router | N/A | affected |
| Cisco | Cisco Ultra Gateway Platform | N/A | affected |
| Cisco | Cisco Carrier Packet Transport | 3.5 | affected |
| Cisco | Cisco Carrier Packet Transport | 3.1 | affected |
| Cisco | Cisco Carrier Packet Transport | 3.2 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.5 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 9.2.2 | affected |
| Cisco | Cisco Carrier Packet Transport | 1.4.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 1.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 1.1 | affected |
| Cisco | Cisco Carrier Packet Transport | 1.2 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.1.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.3.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.3.3 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.3.5 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.3.4 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.0.1 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.0.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.0.3 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.0.4 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.0.5 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.4.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.2.2 | affected |
| Cisco | Cisco Carrier Packet Transport | 2.2.3 | affected |
| Cisco | Cisco Carrier Packet Transport | 10.8.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 7.0.3 | affected |
| Cisco | Cisco Carrier Packet Transport | 7.0.1 | affected |
| Cisco | Cisco Carrier Packet Transport | 1.0.2 | affected |
| Cisco | Cisco Carrier Packet Transport | 1.1.1 | affected |
| Cisco | Cisco Carrier Packet Transport | 1.1.2 | affected |
| Cisco | Cisco Carrier Packet Transport | 4.1 | affected |
| Cisco | Cisco Carrier Packet Transport | 4.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 12.1.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 9.8.1 | affected |
| Cisco | Cisco Carrier Packet Transport | 9.8.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 4.1.82 | affected |
| Cisco | Cisco Carrier Packet Transport | 4.1.4 | affected |
| Cisco | Cisco Carrier Packet Transport | 4.6.1 | affected |
| Cisco | Cisco Carrier Packet Transport | 4.0.4 | affected |
| Cisco | Cisco Carrier Packet Transport | 4.0.3 | affected |
| Cisco | Cisco Carrier Packet Transport | 6.2.4 | affected |
| Cisco | Cisco Carrier Packet Transport | 3.0.5 | affected |
| Cisco | Cisco Carrier Packet Transport | 3.0.6 | affected |
| Cisco | Cisco Carrier Packet Transport | 3.0.7 | affected |
| Cisco | Cisco Carrier Packet Transport | 3.0.3 | affected |
| Cisco | Cisco Carrier Packet Transport | 3.0.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 9.5.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 9.5.3 | affected |
| Cisco | Cisco Carrier Packet Transport | 9.5.1 | affected |
| Cisco | Cisco Carrier Packet Transport | 9.5.2 | affected |
| Cisco | Cisco Carrier Packet Transport | 9.7.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 9.521 | affected |
| Cisco | Cisco Carrier Packet Transport | 4.5.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 4.7.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 3.2.0 | affected |
| Cisco | Cisco Carrier Packet Transport | 3.2.1 | affected |
| Cisco | Cisco Carrier Packet Transport | 3.1.0 | affected |
Weaknesses
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cli-cmdinj-4MttWZPB
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confdcli-cmdinj-wybQDSSh
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.