1. Home
  2. CVE Database
  3. CVE-2022-20865
MEDIUM · 6.7

CVE-2022-20865

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Admi...

Vulnerability Description

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoFirepower 4110 Firmware-
CiscoFirepower 4110-
CiscoFirepower 4112 Firmware-
CiscoFirepower 4112-
CiscoFirepower 4115 Firmware-
CiscoFirepower 4115-
CiscoFirepower 4120 Firmware-
CiscoFirepower 4120-
CiscoFirepower 4125 Firmware-
CiscoFirepower 4125-
CiscoFirepower 4140 Firmware-
CiscoFirepower 4140-
CiscoFirepower 4145 Firmware-
CiscoFirepower 4145-
CiscoFirepower 4150 Firmware-
CiscoFirepower 4150-
CiscoFirepower 9300 Sm-40 Firmware-
CiscoFirepower 9300 Sm-40-
CiscoFirepower 9300 Sm-48 Firmware-
CiscoFirepower 9300 Sm-48-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2022-20865?

CVE-2022-20865 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Admi...

How severe is CVE-2022-20865?

CVE-2022-20865 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-20865?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Firepower 4110 Firmware, Cisco Firepower 4110, Cisco Firepower 4112 Firmware, Cisco Firepower 4112, Cisco Firepower 4115 Firmware.