Cisco Security Advisory - Multiple Cisco Products CLI Command Injection Vulnerability

Started by Netwörkheäd, March 26, 2022, 12:12:51 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Netwörkheäd

March 26, 2022, 12:12:51 PM
Multiple Cisco Products CLI Command Injection Vulnerability

<p>A vulnerability in the implementation of the CLI for multiple Cisco&nbsp;products could allow an authenticated, local attacker to perform a command injection attack.&nbsp;</p>
<p>This vulnerability is due to insufficient validation of a process argument on an affected product. An attacker could exploit this vulnerability by injecting commands during the execution of this process. <span class="mce-annotation tox-comment tox-comment--active" data-mce-annotation-uid="CONV-0005071" data-mce-annotation="tinycomments">A successful exploit</span> could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the management framework process, which are commonly <em>root</em> privileges.&nbsp;</p>
<p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br>
<a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cli-cmdinj-4MttWZPB" rel="nofollow">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cli-cmdinj-4MttWZPB</a></p>

     
         
Security Impact Rating:  High
   
   
       
CVE: CVE-2022-20655
Source: Multiple Cisco Products CLI Command Injection Vulnerability
Let's not argue. Let's network!
Print
Go Up Pages1
User actions