HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2022-20855

CVSS 7.9v3.1pub. 2022-09-30upd. 2024-11-21

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
  • Cisco Catalyst 9105

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9105axi

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9105axw

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9115

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9115 Ap

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9115axe

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9115axi

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9117

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9117 Ap

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9117axi

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9120

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9120 Ap

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9120axe

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9120axi

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9120axp

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9124

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9124axd

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9124axi

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9130

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9130 Ap

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9130axe

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9130axi

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9800

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9800 40

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9800 80

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9800 Cl

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9800 L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9800 L C

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 9800 L F

    HW
    Cisco
    wszystkie wersje
  • Cisco IOS XE

    OS
    Cisco
    17.6.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2023-20198CRITICAL10.0⚠ KEVten sam produkt

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...

CVE-2018-0151CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software coul...

CVE-2017-3881CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE S...

CVE-2025-20363CRITICAL9.0PL ✓ten sam produkt

RCE w web services Cisco ASA, FTD, IOS, IOS XE, IOS XR przez HTTP

CVE-2025-20188CRITICAL10.0PL ✓ten sam produkt

Cisco IOS XE WLC — nieuwierzytelniony upload plików i RCE przez hardcoded JWT