CVE-2022-20665
Cisco StarOS Command Injection Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.
Una vulnerabilidad en la CLI de Cisco StarOS podría permitir a un atacante local autenticado elevar los privilegios en un dispositivo afectado. Esta vulnerabilidad es debido a que no ha sido comprobado suficientemente la entrada de los comandos de la CLI. Un atacante podría explotar esta vulnerabilidad mediante el envío de comandos diseñados a la CLI. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario con los privilegios del usuario root. Para explotar esta vulnerabilidad, un atacante necesitaría tener credenciales administrativas válidas en un dispositivo afectado
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2021-11-02 CVE Reserved
- 2022-04-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | < 21.22.n6 Search vendor "Cisco" for product "Staros" and version " < 21.22.n6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ultra Cloud Core Search vendor "Cisco" for product "Ultra Cloud Core" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | < 21.22.n6 Search vendor "Cisco" for product "Staros" and version " < 21.22.n6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5500 Search vendor "Cisco" for product "Asr 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | < 21.22.n6 Search vendor "Cisco" for product "Staros" and version " < 21.22.n6" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5700 Search vendor "Cisco" for product "Asr 5700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.23.0 < 21.23.n7 Search vendor "Cisco" for product "Staros" and version " >= 21.23.0 < 21.23.n7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ultra Cloud Core Search vendor "Cisco" for product "Ultra Cloud Core" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.23.0 < 21.23.n7 Search vendor "Cisco" for product "Staros" and version " >= 21.23.0 < 21.23.n7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5500 Search vendor "Cisco" for product "Asr 5500" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Staros Search vendor "Cisco" for product "Staros" | >= 21.23.0 < 21.23.n7 Search vendor "Cisco" for product "Staros" and version " >= 21.23.0 < 21.23.n7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 5700 Search vendor "Cisco" for product "Asr 5700" | - | - |
Safe
|