Vulnerabilities > CVE-2022-20726 - Improper Handling of Exceptional Conditions vulnerability in Cisco IOS

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cisco

CWE-755

NVD

Published: 2022-04-15

Updated: 2023-11-07

Summary

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS 15.6\(2\)T3 Cisco IOS 15.6\(1\)T2 Cisco IOS * Cisco IOS 15.6\(2\)T1 Cisco IOS 15.6\(3\)M1 Cisco IOS 15.6\(3\)M3 Cisco IOS 15.7\(3\)M Cisco IOS 15.6\(2\)T2 Cisco IOS 15.6\(1\)T1 Cisco IOS 15.6\(3\)M1B Cisco IOS 15.6\(3\)M Cisco IOS 15.6\(2\)T Cisco IOS 15.6\(3\)M0A Cisco IOS 15.6\(3\)M2 Cisco IOS 15.2\(5\)E1 Cisco IOS 15.6\(1\)T3 Cisco IOS 15.2\(5\)E2C Cisco IOS 15.6\(3\)M3A Cisco IOS 15.7\(3\)M0A Cisco IOS 15.7\(3\)M1 Cisco IOS 15.7\(3\)M2 Cisco IOS 15.6\(3\)M4 Cisco IOS 15.2\(6\)E1 Cisco IOS 15.2\(6\)E0A Cisco IOS 15.7\(3\)M3 Cisco IOS 15.6\(3\)M5 Cisco IOS 15.8\(3\)M0A Cisco IOS 15.8\(3\)M Cisco IOS 15.2\(6\)E2A Cisco IOS 15.2\(7\)E Cisco IOS 15.2\(7\)E0S Cisco IOS 15.6\(3\)M6A Cisco IOS 15.6\(3\)M6B Cisco IOS 15.7\(3\)M4 Cisco IOS 15.7\(3\)M5 Cisco IOS 15.7\(3\)M4B Cisco IOS 15.8\(3\)M3 Cisco IOS 15.8\(3\)M2A Cisco IOS 15.8\(3\)M2 Cisco IOS 15.6\(3\)M6 Cisco IOS 15.8\(3\)M1 Cisco IOS 15.9\(3\)M Cisco IOS 15.2\(7\)E0B Cisco IOS 15.7\(3\)M4A Cisco IOS 15.6\(3\)M7 Cisco IOS 15.7\(3\)M6 Cisco IOS 15.8\(3\)M4 Cisco IOS 15.8\(3\)M5 Cisco IOS 15.6\(3\)M8 Cisco IOS 15.9\(3\)M2A Cisco IOS 15.9\(3\)M1 Cisco IOS 15.9\(3\)M2 Cisco IOS 15.8\(3\)M6 Cisco IOS 15.9\(3\)M3 Cisco IOS 15.8\(3\)M7 Cisco IOS 15.9\(3\)M4A Cisco IOS 15.9\(3\)M4	57
Application	Cisco Cisco Cgr1000 Compute Module * Cisco Ic3000 Industrial Compute Gateway *	2

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj