{"containers": {"cna": {"affected": [{"product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2022-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-30T18:46:15", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20220928 Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK"}], "source": {"advisory": "cisco-sa-ewc-priv-esc-nderYLtK", "defect": [["CSCwa23357"]], "discovery": "INTERNAL"}, "title": "Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-09-28T23:00:00", "ID": "CVE-2022-20855", "STATE": "PUBLIC", "TITLE": "Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS XE Software", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "7.9", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-266"}]}]}, "references": {"reference_data": [{"name": "20220928 Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK"}]}, "source": {"advisory": "cisco-sa-ewc-priv-esc-nderYLtK", "defect": [["CSCwa23357"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:24:50.248Z"}, "title": "CVE Program Container", "references": [{"name": "20220928 Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20855", "datePublished": "2022-09-30T18:46:15.252083Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-09-16T19:51:07.946Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4DE62C4B-7C06-4907-BADE-416C1618D2D9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_9105:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F3CCCFE-88CC-4F7B-8958-79CA62516EA9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9105axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "19F93DF4-67DB-4B30-AC22-60C67DF32DB2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9105axw:-:*:*:*:*:*:*:*", "matchCriteriaId": "59C77B06-3C22-4092-AAAB-DB099A0B16A6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9115:-:*:*:*:*:*:*:*", "matchCriteriaId": "4081C532-3B10-4FBF-BB22-5BA17BC6FCF8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9115_ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "56A3430C-9AF7-4604-AD95-FCF2989E9EB0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9115axe:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE4C56A6-E843-498A-A17B-D3D1B01E70E7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9115axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "F050F416-44C3-474C-9002-321A33F288D6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9117:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FCE2220-E2E6-4A17-9F0A-2C927FAB4AA5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9117_ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4AE36E2-E7E9-4E49-8BFF-615DACFC65C1", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9117axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A699C5C-CD03-4263-952F-5074B470F20E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9120:-:*:*:*:*:*:*:*", "matchCriteriaId": "A47C2D6F-8F90-4D74-AFE1-EAE954021F46", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9120_ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "C04889F8-3C2A-41AA-9DC9-5A4A4BBE60E7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9120axe:-:*:*:*:*:*:*:*", "matchCriteriaId": "46D41CFE-784B-40EE-9431-8097428E5892", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9120axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D148A27-85B6-4883-96B5-343C8D32F23B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9120axp:-:*:*:*:*:*:*:*", "matchCriteriaId": "735CA950-672C-4787-8910-48AD07868FDE", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9124:-:*:*:*:*:*:*:*", "matchCriteriaId": "C11EF240-7599-4138-B7A7-17E4479F5B83", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9124axd:-:*:*:*:*:*:*:*", "matchCriteriaId": "E987C945-4D6D-4BE5-B6F0-784B7E821D11", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9124axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "B434C6D7-F583-4D2B-9275-38A5EC4ECC30", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1C8E35A-5A9B-4D56-A753-937D5CFB5B19", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9130_ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "248A3FFC-C33C-4336-A37C-67B6046556E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9130axe:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EC1F736-6240-4FA2-9FEC-D8798C9D287C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9130axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "169E5354-07EA-4639-AB4B-20D2B9DE784C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800:-:*:*:*:*:*:*:*", "matchCriteriaId": "A48E6CF0-7A3B-4D11-8D02-0CD38F2420E9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA0BC769-C244-41BD-BE80-E67F4E1CDDA4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de autocuraci\u00f3n del software Cisco IOS XE para controladores inal\u00e1mbricos integrados en puntos de acceso Catalyst podr\u00eda permitir a un atacante local autenticado escapar del shell restringido del controlador y ejecutar comandos arbitrarios en el sistema operativo subyacente del punto de acceso. Esta vulnerabilidad es debido a comprobaciones inapropiadas durante el reinicio de determinados procesos del sistema. Un atacante podr\u00eda explotar esta vulnerabilidad al entrar en un dispositivo afectado y ejecutando determinados comandos CLI. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar comandos arbitrarios en el Sistema Operativo subyacente como root. Para explotar con \u00e9xito esta vulnerabilidad, un atacante necesitar\u00eda credenciales v\u00e1lidas para un usuario de nivel de privilegio 15 del controlador inal\u00e1mbrico"}], "id": "CVE-2022-20855", "lastModified": "2023-11-07T03:43:07.853", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 5.8, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2022-09-30T19:15:12.963", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-266"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}