Vulnerability Description
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cgr1000 Compute Module | All versions |
| Cisco | Ic3000 Industrial Compute Gateway | All versions |
| Cisco | Ir510 Operating System | All versions |
| Cisco | Ios | 15.2\(5\)e1 |
| Cisco | Ios Xe | 16.3.1 |
| Cisco | 800M Integrated Services Router | - |
| Cisco | 807 Industrial Integrated Services Router | - |
| Cisco | 812 3G Integrated Services Router | - |
| Cisco | 812 Cifi Integrated Services Router | - |
| Cisco | 819 Hardened Dual Radio 802.11N Wifi Integrated Services Router | - |
| Cisco | 819 Hardened Integrated Services Router | - |
| Cisco | 829 Industrial Integrated Services Router | - |
| Cisco | 860Vae-W Integrated Services Router | - |
| Cisco | 861 Integrated Services Router | - |
| Cisco | 861W Integrated Services Router | - |
| Cisco | 866Vae Integrated Services Router | - |
| Cisco | 867 Integrated Services Router | - |
| Cisco | 867Vae Integrated Services Router | - |
| Cisco | 880-Voice Integrated Services Router | - |
| Cisco | 880 3G Integrated Services Router | - |
Related Weaknesses (CWE)
References
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-Third Party Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-Third Party Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory
FAQ
What is CVE-2022-20725?
CVE-2022-20725 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, ex...
How severe is CVE-2022-20725?
CVE-2022-20725 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-20725?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Cgr1000 Compute Module, Cisco Ic3000 Industrial Compute Gateway, Cisco Ir510 Operating System, Cisco Ios, Cisco Ios Xe.