Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2022-20727
HistoryApr 15, 2022 - 3:15 p.m.

CVE-2022-20727

2022-04-1515:15:13
CWE-22
cisco
web.nvd.nist.gov
74
cve-2022-20727
cisco
iox
application hosting
vulnerabilities
arbitrary commands
arbitrary code
authentication bypass
xss
nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0

Percentile

9.9%

JSON

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

Nvd
Node
ciscocgr1000_compute_moduleRange<1.15.0.1
OR
ciscoic3000_industrial_compute_gatewayRange<1.4.1
OR
ciscoir510_operating_systemRange<6.5.9
OR
ciscoiosMatch15.2\(5\)e1
OR
ciscoiosMatch15.2\(6\)e0a
OR
ciscoiosMatch15.2\(6\)e1
OR
ciscoiosMatch15.2\(6\)e2a
OR
ciscoiosMatch15.2\(7\)e
OR
ciscoiosMatch15.2\(7\)e0b
OR
ciscoiosMatch15.2\(7\)e0s
OR
ciscoiosMatch15.6\(1\)t1
OR
ciscoiosMatch15.6\(1\)t2
OR
ciscoiosMatch15.6\(1\)t3
OR
ciscoiosMatch15.6\(2\)t
OR
ciscoiosMatch15.6\(2\)t0a
OR
ciscoiosMatch15.6\(2\)t1
OR
ciscoiosMatch15.6\(2\)t2
OR
ciscoiosMatch15.6\(2\)t3
OR
ciscoiosMatch15.6\(3\)m
OR
ciscoiosMatch15.6\(3\)m0a
OR
ciscoiosMatch15.6\(3\)m1
OR
ciscoiosMatch15.6\(3\)m1a
OR
ciscoiosMatch15.6\(3\)m1b
OR
ciscoiosMatch15.6\(3\)m2
OR
ciscoiosMatch15.6\(3\)m2a
OR
ciscoiosMatch15.6\(3\)m3
OR
ciscoiosMatch15.6\(3\)m3a
OR
ciscoiosMatch15.6\(3\)m4
OR
ciscoiosMatch15.6\(3\)m5
OR
ciscoiosMatch15.6\(3\)m6
OR
ciscoiosMatch15.6\(3\)m6a
OR
ciscoiosMatch15.6\(3\)m6b
OR
ciscoiosMatch15.6\(3\)m7
OR
ciscoiosMatch15.6\(3\)m8
OR
ciscoiosMatch15.6\(3\)m9
OR
ciscoiosMatch15.7\(3\)m
OR
ciscoiosMatch15.7\(3\)m0a
OR
ciscoiosMatch15.7\(3\)m1
OR
ciscoiosMatch15.7\(3\)m2
OR
ciscoiosMatch15.7\(3\)m3
OR
ciscoiosMatch15.7\(3\)m4
OR
ciscoiosMatch15.7\(3\)m4a
OR
ciscoiosMatch15.7\(3\)m4b
OR
ciscoiosMatch15.7\(3\)m5
OR
ciscoiosMatch15.7\(3\)m6
OR
ciscoiosMatch15.7\(3\)m7
OR
ciscoiosMatch15.7\(3\)m8
OR
ciscoiosMatch15.7\(3\)m9
OR
ciscoiosMatch15.8\(3\)m
OR
ciscoiosMatch15.8\(3\)m0a
OR
ciscoiosMatch15.8\(3\)m0b
OR
ciscoiosMatch15.8\(3\)m1
OR
ciscoiosMatch15.8\(3\)m1a
OR
ciscoiosMatch15.8\(3\)m2
OR
ciscoiosMatch15.8\(3\)m2a
OR
ciscoiosMatch15.8\(3\)m3
OR
ciscoiosMatch15.8\(3\)m3a
OR
ciscoiosMatch15.8\(3\)m3b
OR
ciscoiosMatch15.8\(3\)m4
OR
ciscoiosMatch15.8\(3\)m5
OR
ciscoiosMatch15.8\(3\)m6
OR
ciscoiosMatch15.8\(3\)m7
OR
ciscoiosMatch15.9\(3\)m
OR
ciscoiosMatch15.9\(3\)m0a
OR
ciscoiosMatch15.9\(3\)m1
OR
ciscoiosMatch15.9\(3\)m2
OR
ciscoiosMatch15.9\(3\)m2a
OR
ciscoiosMatch15.9\(3\)m3
OR
ciscoiosMatch15.9\(3\)m3a
OR
ciscoiosMatch15.9\(3\)m3b
OR
ciscoiosMatch15.9\(3\)m4
OR
ciscoiosMatch15.9\(3\)m4a
OR
ciscoios_xeMatch16.3.1
OR
ciscoios_xeMatch16.3.1a
OR
ciscoios_xeMatch16.3.2
OR
ciscoios_xeMatch16.3.3
OR
ciscoios_xeMatch16.3.4
OR
ciscoios_xeMatch16.3.5
OR
ciscoios_xeMatch16.3.5b
OR
ciscoios_xeMatch16.3.6
OR
ciscoios_xeMatch16.3.7
OR
ciscoios_xeMatch16.3.8
OR
ciscoios_xeMatch16.3.9
OR
ciscoios_xeMatch16.3.10
OR
ciscoios_xeMatch16.3.11
OR
ciscoios_xeMatch16.4.1
OR
ciscoios_xeMatch16.4.2
OR
ciscoios_xeMatch16.4.3
OR
ciscoios_xeMatch16.5.1
OR
ciscoios_xeMatch16.5.1a
OR
ciscoios_xeMatch16.5.1b
OR
ciscoios_xeMatch16.5.2
OR
ciscoios_xeMatch16.5.3
OR
ciscoios_xeMatch16.6.1
OR
ciscoios_xeMatch16.6.2
OR
ciscoios_xeMatch16.6.3
OR
ciscoios_xeMatch16.6.4
OR
ciscoios_xeMatch16.6.4a
OR
ciscoios_xeMatch16.6.4s
OR
ciscoios_xeMatch16.6.5
OR
ciscoios_xeMatch16.6.5a
OR
ciscoios_xeMatch16.6.5b
OR
ciscoios_xeMatch16.6.6
OR
ciscoios_xeMatch16.6.7
OR
ciscoios_xeMatch16.6.7a
OR
ciscoios_xeMatch16.6.8
OR
ciscoios_xeMatch16.6.9
OR
ciscoios_xeMatch16.6.10
OR
ciscoios_xeMatch16.7.1
OR
ciscoios_xeMatch16.7.1a
OR
ciscoios_xeMatch16.7.1b
OR
ciscoios_xeMatch16.7.2
OR
ciscoios_xeMatch16.7.3
OR
ciscoios_xeMatch16.7.4
OR
ciscoios_xeMatch16.8.1
OR
ciscoios_xeMatch16.8.1a
OR
ciscoios_xeMatch16.8.1b
OR
ciscoios_xeMatch16.8.1c
OR
ciscoios_xeMatch16.8.1d
OR
ciscoios_xeMatch16.8.1e
OR
ciscoios_xeMatch16.8.1s
OR
ciscoios_xeMatch16.8.2
OR
ciscoios_xeMatch16.8.3
OR
ciscoios_xeMatch16.9.1
OR
ciscoios_xeMatch16.9.1a
OR
ciscoios_xeMatch16.9.1b
OR
ciscoios_xeMatch16.9.1c
OR
ciscoios_xeMatch16.9.1d
OR
ciscoios_xeMatch16.9.1s
OR
ciscoios_xeMatch16.9.2
OR
ciscoios_xeMatch16.9.2a
OR
ciscoios_xeMatch16.9.2s
OR
ciscoios_xeMatch16.9.3
OR
ciscoios_xeMatch16.9.3a
OR
ciscoios_xeMatch16.9.3h
OR
ciscoios_xeMatch16.9.3s
OR
ciscoios_xeMatch16.9.4
OR
ciscoios_xeMatch16.9.4c
OR
ciscoios_xeMatch16.9.5
OR
ciscoios_xeMatch16.9.5f
OR
ciscoios_xeMatch16.9.6
OR
ciscoios_xeMatch16.9.7
OR
ciscoios_xeMatch16.9.8
OR
ciscoios_xeMatch16.10.1
OR
ciscoios_xeMatch16.10.1a
OR
ciscoios_xeMatch16.10.1b
OR
ciscoios_xeMatch16.10.1c
OR
ciscoios_xeMatch16.10.1d
OR
ciscoios_xeMatch16.10.1e
OR
ciscoios_xeMatch16.10.1f
OR
ciscoios_xeMatch16.10.1g
OR
ciscoios_xeMatch16.10.1s
OR
ciscoios_xeMatch16.10.2
OR
ciscoios_xeMatch16.10.3
OR
ciscoios_xeMatch16.11.1
OR
ciscoios_xeMatch16.11.1a
OR
ciscoios_xeMatch16.11.1b
OR
ciscoios_xeMatch16.11.1c
OR
ciscoios_xeMatch16.11.1s
OR
ciscoios_xeMatch16.11.2
OR
ciscoios_xeMatch16.12.1
OR
ciscoios_xeMatch16.12.1a
OR
ciscoios_xeMatch16.12.1c
OR
ciscoios_xeMatch16.12.1s
OR
ciscoios_xeMatch16.12.1t
OR
ciscoios_xeMatch16.12.1w
OR
ciscoios_xeMatch16.12.1x
OR
ciscoios_xeMatch16.12.1y
OR
ciscoios_xeMatch16.12.2
OR
ciscoios_xeMatch16.12.2a
OR
ciscoios_xeMatch16.12.2s
OR
ciscoios_xeMatch16.12.2t
OR
ciscoios_xeMatch16.12.3
OR
ciscoios_xeMatch16.12.3a
OR
ciscoios_xeMatch16.12.3s
OR
ciscoios_xeMatch16.12.4
OR
ciscoios_xeMatch16.12.4a
OR
ciscoios_xeMatch16.12.5
OR
ciscoios_xeMatch16.12.5a
OR
ciscoios_xeMatch17.1.1
OR
ciscoios_xeMatch17.1.1a
OR
ciscoios_xeMatch17.1.1s
OR
ciscoios_xeMatch17.1.1t
OR
ciscoios_xeMatch17.1.2
OR
ciscoios_xeMatch17.1.3
OR
ciscoios_xeMatch17.2.1
OR
ciscoios_xeMatch17.2.1a
OR
ciscoios_xeMatch17.2.1r
OR
ciscoios_xeMatch17.2.1v
OR
ciscoios_xeMatch17.2.2
OR
ciscoios_xeMatch17.2.3
OR
ciscoios_xeMatch17.3.1
OR
ciscoios_xeMatch17.3.1a
OR
ciscoios_xeMatch17.3.1w
OR
ciscoios_xeMatch17.3.1x
OR
ciscoios_xeMatch17.3.1z
OR
ciscoios_xeMatch17.3.2
OR
ciscoios_xeMatch17.3.2a
OR
ciscoios_xeMatch17.3.3
OR
ciscoios_xeMatch17.3.3a
OR
ciscoios_xeMatch17.3.4
OR
ciscoios_xeMatch17.3.4a
OR
ciscoios_xeMatch17.3.4b
OR
ciscoios_xeMatch17.3.4c
OR
ciscoios_xeMatch17.4.1
OR
ciscoios_xeMatch17.4.1a
OR
ciscoios_xeMatch17.4.1b
OR
ciscoios_xeMatch17.4.1c
OR
ciscoios_xeMatch17.4.2
OR
ciscoios_xeMatch17.4.2a
OR
ciscoios_xeMatch17.5.1
OR
ciscoios_xeMatch17.5.1a
OR
ciscoios_xeMatch17.6.1
OR
ciscoios_xeMatch17.6.1a
VendorProductVersionCPE
ciscocgr1000_compute_module*cpe:2.3:a:cisco:cgr1000_compute_module:*:*:*:*:*:*:*:*
ciscoic3000_industrial_compute_gateway*cpe:2.3:a:cisco:ic3000_industrial_compute_gateway:*:*:*:*:*:*:*:*
ciscoir510_operating_system*cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*
ciscoios15.2(5)e1cpe:2.3:o:cisco:ios:15.2\(5\)e1:*:*:*:*:*:*:*
ciscoios15.2(6)e0acpe:2.3:o:cisco:ios:15.2\(6\)e0a:*:*:*:*:*:*:*
ciscoios15.2(6)e1cpe:2.3:o:cisco:ios:15.2\(6\)e1:*:*:*:*:*:*:*
ciscoios15.2(6)e2acpe:2.3:o:cisco:ios:15.2\(6\)e2a:*:*:*:*:*:*:*
ciscoios15.2(7)ecpe:2.3:o:cisco:ios:15.2\(7\)e:*:*:*:*:*:*:*
ciscoios15.2(7)e0bcpe:2.3:o:cisco:ios:15.2\(7\)e0b:*:*:*:*:*:*:*
ciscoios15.2(7)e0scpe:2.3:o:cisco:ios:15.2\(7\)e0s:*:*:*:*:*:*:*
Rows per page:
1-10 of 2141

CNA Affected

[
  {
    "product": "Cisco IOS",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
prion 1
nessus 2
cisco 1
cvelist
cvelist
CVE-2022-20727 Cisco IOx Application Hosting Environment Vulnerabilities
2022-04-15 14:20:48
nvd
nvd
CVE-2022-20727
2022-04-15 15:15:13
prion
prion
Cross site scripting
2022-04-15 15:15:00
nessus
nessus
Cisco IOS XE Software IOx Application Hosting Environment (cisco-sa-iox-yuXQ6hFj)
2022-04-22 00:00:00
Cisco IOS Software IOx Application Hosting Environment (cisco-sa-iox-yuXQ6hFj)
2022-04-22 00:00:00
cisco
cisco
Cisco IOx Application Hosting Environment Vulnerabilities
2022-04-13 16:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.6

Confidence

High

EPSS

0

Percentile

9.9%

JSON
Related for CVE-2022-20727
cvelist1nvd1prion1nessus2cisco1