CVE-2022-20865

Published on: Not Yet Published

Last Modified on: 09/01/2022 08:12:00 PM UTC

CVE-2022-20865 - advisory for cisco-sa-fxos-cmdinj-TxcLNZNH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Certain versions of Firepower 4110 from Cisco contain the following vulnerability:

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

CVE-2022-20865 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Affected Vendor/Software: Cisco - Cisco Firepower Extensible Operating System (FXOS) version n/a

CVSS3 Score: 6.7 - MEDIUM

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
LOCAL	LOW	HIGH	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVE References

Description	Tags ^ⓘ	Link
No Description Provided	tools.cisco.com text/html	CISCO 20220824 Cisco FXOS Software Command Injection Vulnerability

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

There are currently no QIDs associated with this CVE

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	Firepower 4110	-	All	All	All
Operating System	Cisco	Firepower 4110 Firmware	-	All	All	All
Hardware	Cisco	Firepower 4112	-	All	All	All
Operating System	Cisco	Firepower 4112 Firmware	-	All	All	All
Hardware	Cisco	Firepower 4115	-	All	All	All
Operating System	Cisco	Firepower 4115 Firmware	-	All	All	All
Hardware	Cisco	Firepower 4120	-	All	All	All
Operating System	Cisco	Firepower 4120 Firmware	-	All	All	All
Hardware	Cisco	Firepower 4125	-	All	All	All
Operating System	Cisco	Firepower 4125 Firmware	-	All	All	All
Hardware	Cisco	Firepower 4140	-	All	All	All
Operating System	Cisco	Firepower 4140 Firmware	-	All	All	All
Hardware	Cisco	Firepower 4145	-	All	All	All
Operating System	Cisco	Firepower 4145 Firmware	-	All	All	All
Hardware	Cisco	Firepower 4150	-	All	All	All
Operating System	Cisco	Firepower 4150 Firmware	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-40	-	All	All	All
Operating System	Cisco	Firepower 9300 Sm-40 Firmware	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-48	-	All	All	All
Operating System	Cisco	Firepower 9300 Sm-48 Firmware	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-56	-	All	All	All
Operating System	Cisco	Firepower 9300 Sm-56 Firmware	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-56 X 3	-	All	All	All
Operating System	Cisco	Firepower 9300 Sm-56 X 3 Firmware	-	All	All	All

cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:firepower_4110_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:firepower_4112_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:firepower_4115_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:firepower_4120_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:firepower_4125_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:firepower_4140_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:firepower_4145_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:firepower_4150_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:firepower_9300_sm-40:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:firepower_9300_sm-40_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:firepower_9300_sm-48:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:firepower_9300_sm-48_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:firepower_9300_sm-56:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:firepower_9300_sm-56_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:cisco:firepower_9300_sm-56_x_3:-:*:*:*:*:*:*:*:
cpe:2.3:o:cisco:firepower_9300_sm-56_x_3_firmware:-:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@CVEreport	CVE-2022-20865 : A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker t… twitter.com/i/web/status/1…	2022-08-25 18:49:33
@sidfm_jp	Cisco FXOS の CLI の処理にデバイスの root 権限を奪われる問題 (CVE-2022-20865) [43169] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報	2022-08-26 06:30:03
/r/netcve	CVE-2022-20865	2022-08-25 20:06:53