CVE-2022-20855
Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability
Severity Score
6.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.
Una vulnerabilidad en la funcionalidad de autocuración del software Cisco IOS XE para controladores inalámbricos integrados en puntos de acceso Catalyst podría permitir a un atacante local autenticado escapar del shell restringido del controlador y ejecutar comandos arbitrarios en el sistema operativo subyacente del punto de acceso. Esta vulnerabilidad es debido a comprobaciones inapropiadas durante el reinicio de determinados procesos del sistema. Un atacante podría explotar esta vulnerabilidad al entrar en un dispositivo afectado y ejecutando determinados comandos CLI. Una explotación con éxito podría permitir al atacante ejecutar comandos arbitrarios en el Sistema Operativo subyacente como root. Para explotar con éxito esta vulnerabilidad, un atacante necesitaría credenciales válidas para un usuario de nivel de privilegio 15 del controlador inalámbrico
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-11-02 CVE Reserved
- 2022-09-30 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-266: Incorrect Privilege Assignment
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9105 Search vendor "Cisco" for product "Catalyst 9105" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9105axi Search vendor "Cisco" for product "Catalyst 9105axi" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9105axw Search vendor "Cisco" for product "Catalyst 9105axw" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9115 Search vendor "Cisco" for product "Catalyst 9115" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9115 Ap Search vendor "Cisco" for product "Catalyst 9115 Ap" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9115axe Search vendor "Cisco" for product "Catalyst 9115axe" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9115axi Search vendor "Cisco" for product "Catalyst 9115axi" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9117 Search vendor "Cisco" for product "Catalyst 9117" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9117 Ap Search vendor "Cisco" for product "Catalyst 9117 Ap" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9117axi Search vendor "Cisco" for product "Catalyst 9117axi" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9120 Search vendor "Cisco" for product "Catalyst 9120" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9120 Ap Search vendor "Cisco" for product "Catalyst 9120 Ap" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9120axe Search vendor "Cisco" for product "Catalyst 9120axe" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9120axi Search vendor "Cisco" for product "Catalyst 9120axi" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9120axp Search vendor "Cisco" for product "Catalyst 9120axp" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9124 Search vendor "Cisco" for product "Catalyst 9124" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9124axd Search vendor "Cisco" for product "Catalyst 9124axd" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9124axi Search vendor "Cisco" for product "Catalyst 9124axi" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9130 Search vendor "Cisco" for product "Catalyst 9130" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9130 Ap Search vendor "Cisco" for product "Catalyst 9130 Ap" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9130axe Search vendor "Cisco" for product "Catalyst 9130axe" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9130axi Search vendor "Cisco" for product "Catalyst 9130axi" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9800 Search vendor "Cisco" for product "Catalyst 9800" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9800-40 Search vendor "Cisco" for product "Catalyst 9800-40" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9800-80 Search vendor "Cisco" for product "Catalyst 9800-80" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9800-cl Search vendor "Cisco" for product "Catalyst 9800-cl" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9800-l Search vendor "Cisco" for product "Catalyst 9800-l" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9800-l-c Search vendor "Cisco" for product "Catalyst 9800-l-c" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 17.6.1 Search vendor "Cisco" for product "Ios Xe" and version "17.6.1" | - |
Affected
| in | Cisco Search vendor "Cisco" | Catalyst 9800-l-f Search vendor "Cisco" for product "Catalyst 9800-l-f" | - | - |
Safe
|