Cisco Security Advisory - Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability

Started by Netwörkheäd, April 16, 2022, 12:43:12 AM


Netwörkheäd

Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges.

This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.


This advisory is part of the April 2022 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: April 2022 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication (https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74561).

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-grbtubU

Security Impact Rating: Medium
CVE: CVE-2022-20676
Source: Cisco IOS XE Software Tool Command Language Privilege Escalation Vulnerability
Let's not argue. Let's network!