Vulnerability Description
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cgr1000 Compute Module | < 1.15.0.1 |
| Cisco | Ic3000 Industrial Compute Gateway | < 1.4.1 |
| Cisco | Ir510 Operating System | < 6.5.9 |
| Cisco | Ios | 15.2\(5\)e1 |
| Cisco | Ios Xe | 16.3.1 |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iVendor Advisory
FAQ
What is CVE-2022-20727?
CVE-2022-20727 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, ex...
How severe is CVE-2022-20727?
CVE-2022-20727 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-20727?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Cgr1000 Compute Module, Cisco Ic3000 Industrial Compute Gateway, Cisco Ir510 Operating System, Cisco Ios, Cisco Ios Xe.