CVE-2022-20865
MEDIUMCisco FXOS Software - Authenticated OS Command Injection via CLI
Title source: llmDescription
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH
Scores
CVSS v3
6.7
EPSS
0.0022
EPSS Percentile
44.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (12)
cisco/firepower_4110_firmware
cisco/firepower_4112_firmware
cisco/firepower_4115_firmware
cisco/firepower_4120_firmware
cisco/firepower_4125_firmware
cisco/firepower_4140_firmware
cisco/firepower_4145_firmware
cisco/firepower_4150_firmware
cisco/firepower_9300_sm-40_firmware
cisco/firepower_9300_sm-48_firmware
... and 2 more
Published
Aug 25, 2022
Tracked Since
Feb 18, 2026