CVE-2022-20655

CVSS 8.8 · High EPSS 0.40% · P61 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-20655

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco 多款产品操作系统命令注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco Enterprise NFV Infrastructure Software（NFVIS）和Cisco Network Services Orchestrator（NSO）都是美国思科（Cisco）公司的产品。Cisco Enterprise NFV Infrastructure Software是一套NVF基础架构软件平台。该平台可以通过中央协调器和控制器实现虚拟化服务的全生命周期管理。Cisco Network Services Orchestrator是一套网络自动化服务解决方案。 Ci

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Cisco	Cisco IOS XR Software	N/A	-
Cisco	Cisco Virtual Topology System (VTS)	N/A	-
Cisco	Cisco Network Services Orchestrator	N/A	-
Cisco	Cisco Enterprise NFV Infrastructure Software	N/A	-
Cisco	Cisco Catalyst SD-WAN	N/A	-
Cisco	Cisco Catalyst SD-WAN Manager	N/A	-
Cisco	Cisco IOS XE Catalyst SD-WAN	N/A	-
Cisco	Cisco SD-WAN vEdge Router	N/A	-
Cisco	Cisco Ultra Gateway Platform	N/A	-
Cisco	Cisco Carrier Packet Transport	3.5	-

II. Public POCs for CVE-2022-20655

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-20655

请登录查看更多情报信息。

Same Patch Batch · Cisco · 2024-11-15 · 50 CVEs total

CVE-2023-20036	9.9 CRITICAL	Cisco Industrial Network Director Command Injection Vulnerability
CVE-2023-20154	9.1 CRITICAL	Cisco Modeling Labs External Authentication Bypass Vulnerability
CVE-2023-20125	8.6 HIGH	Cisco BroadWorks Network Server TCP Denial of Service Vulnerability
CVE-2022-20649	8.1 HIGH	Cisco Redundancy Configuration Manager Debug Remote Code Execution Vulnerability
CVE-2022-20685	7.5 HIGH	Multiple Cisco Products Snort Modbus Denial of Service Vulnerability
CVE-2022-20853	7.4 HIGH	Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerabilit
CVE-2022-20814	7.4 HIGH	Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnera
CVE-2022-20793	6.8 MEDIUM	Cisco Touch 10 Device Insufficient Identity Verification Vulnerability
CVE-2023-20090	6.7 MEDIUM	Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnera
CVE-2021-34752	6.7 MEDIUM	Cisco Firepower Threat Defense Command Injection Vulnerabilities
CVE-2022-20652	6.5 MEDIUM	Cisco Tetration Command Injection Vulnerability
CVE-2022-20931	6.5 MEDIUM	Cisco Touch 10 Device Downgrade Attack Vulnerability
CVE-2021-1484	6.5 MEDIUM	Cisco SD-WAN vManage Command Injection Vulnerability
CVE-2022-20656	6.5 MEDIUM	Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Path Traversal V
CVE-2021-1482	6.4 MEDIUM	Cisco SD-WAN vManage Authorization Bypass Vulnerability
CVE-2021-1483	6.4 MEDIUM	Cisco SD-WAN vManage Software XML External Entity Vulnerability
CVE-2022-20871	6.3 MEDIUM	Cisco Secure Web Appliance Privilege Escalation Vulnerability
CVE-2022-20657	6.1 MEDIUM	Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Cross-Site Scrip
CVE-2022-20849	6.1 MEDIUM	Cisco IOS XR Software Broadband Network Gateway PPPoE Denial of Service Vulnerability
CVE-2022-20663	6.1 MEDIUM	Secure Network Analytics Cross-Site Scripting Vulnerability

Showing top 20 of 50 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Cisco IOS XR Software

Same vendor: Cisco

Same weakness: CWE-78

V. Comments for CVE-2022-20655

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-20655

I. Basic Information for CVE-2022-20655

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-20655

III. Intelligence Information for CVE-2022-20655

Same Patch Batch · Cisco · 2024-11-15 · 50 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-20655

Leave a comment