CVE-2022-20718 MEDIUM

CVE-2022-20718: Cisco IOx Application Hosting Environment Vulnerabilities

Vendor Cisco
Product Cisco IOS
Weakness CWE-22 · Path traversal
Published April 15, 2022
Last update September 17, 2024

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

What the vulnerability does

01Description

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Key dates

02Disclosure timeline

April 15, 2022 CVE published
September 17, 2024 Record updated