CVSS: 9.0EPSS: 0%CPEs: 142EXPL: 0CVE-2022-20720 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20720
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-4qmq-rfw6-f2x2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 142EXPL: 0CVE-2022-20721 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20721
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-p3w5-w45c-c34x • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 142EXPL: 0CVE-2022-20722 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20722
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-2qx4-9cr7-gg38 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 142EXPL: 1CVE-2022-20723 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20723
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-cq9c-3cwm-7j7q • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.6EPSS: 0%CPEs: 214EXPL: 1CVE-2022-20724 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20724
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-xr7h-wjgg-h3rp • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 278EXPL: 0CVE-2022-20725 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20725
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-qpmg-4qc4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 214EXPL: 0CVE-2022-20727 – Cisco IOx Application Hosting Environment Vulnerabilities
https://notcve.org/view.php?id=CVE-2022-20727
15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 29EXPL: 0CVE-2022-20676 – Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-20676
15 Apr 2022 — A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell acce... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-grbtubU • CWE-20: Improper Input Validation CWE-250: Execution with Unnecessary Privileges •
CVSS: 8.6EPSS: 0%CPEs: 28EXPL: 0CVE-2022-20678 – Cisco IOS XE Software AppNav-XE Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20678
15 Apr 2022 — A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit c... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appnav-xe-dos-j5MXTR4 • CWE-413: Improper Resource Locking CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.7EPSS: 0%CPEs: 109EXPL: 0CVE-2022-20679 – Cisco IOS XE Software IPSec Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20679
15 Apr 2022 — A vulnerability in the IPSec decryption routine of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to buffer exhaustion that occurs while traffic on a configured IPsec tunnel is being processed. An attacker could exploit this vulnerability by sending traffic to an affected device that has a maximum transmission unit (MTU) of 1800 bytes or greater. A successful exploit coul... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qfp-ipsec-GQmqvtqV • CWE-20: Improper Input Validation •