A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack.
The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root.
History
Fri, 15 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Cisco, Cisco carrier Packet Transport, Cisco catalyst Sd-wan Manager, Cisco enterprise Nfv Infrastructure Software, Cisco ios Xe Catalyst Sd-wan, Cisco ios Xr Software, Cisco network Services Orchestrator, Cisco sd-wan Vedge Router, Cisco virtual Topology System | |
CPEs | cpe:2.3:a:cisco:carrier_packet_transport:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:enterprise_nfv_infrastructure_software:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:network_services_orchestrator:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:sd-wan_vedge_router:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:virtual_topology_system:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ios_xe_catalyst_sd-wan:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ios_xr_software:*:*:*:*:*:*:*:* | |
Vendors & Products | Cisco, Cisco carrier Packet Transport, Cisco catalyst Sd-wan Manager, Cisco enterprise Nfv Infrastructure Software, Cisco ios Xe Catalyst Sd-wan, Cisco ios Xr Software, Cisco network Services Orchestrator, Cisco sd-wan Vedge Router, Cisco virtual Topology System | |
Metrics | ssvc | |

Fri, 15 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root. | |
Weaknesses | CWE-78 | |
References | | |
Metrics | cvssV3_1 | |

Status: PUBLISHED
Assigner: cisco
Published:
Updated: 2024-11-15T21:00:58.460Z
Reserved: 2021-11-02T13:28:29.037Z
Link: CVE-2022-20655

Updated: 2024-11-15T21:00:40.999Z

Status : Awaiting Analysis
Published: 2024-11-15T16:15:20.987
Modified: 2024-11-18T17:11:56.587
Link: CVE-2022-20655
