Privilege escalation in Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-20681 |
| CWE-ID | CWE-266 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Cisco IOS XE Operating systems & Components / Operating system Catalyst 9300 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 9400 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 9500 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 9800 Embedded Wireless Controller Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 9800 Series Wireless Controllers Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 9800-CL Wireless Controllers for Cloud Hardware solutions / Routers & switches, VoIP, GSM, etc Embedded Wireless Controller on Catalyst Access Points Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Incorrect Privilege Assignment
EUVDB-ID: #VU62324
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20681
CWE-ID:
CWE-266 - Incorrect Privilege Assignment
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user privileges after the user executes certain CLI commands. A local user can execute arbitrary commands with level 15 privileges on the target device.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco IOS XE: 17.3.3 - 17.3.4
Catalyst 9300 Series Switches: All versions
Catalyst 9400 Series Switches: All versions
Catalyst 9500 Series Switches: All versions
Catalyst 9800 Embedded Wireless Controller: All versions
Catalyst 9800 Series Wireless Controllers: All versions
Catalyst 9800-CL Wireless Controllers for Cloud: All versions
Embedded Wireless Controller on Catalyst Access Points: All versions
CPE2.3- cpe:2.3:o:cisco_systems:cisco_ios_xe:17.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios_xe:17.3.4:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:catalyst_9300_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:catalyst_9400_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:catalyst_9500_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:catalyst_9800_embedded_wireless_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:catalyst_9800_series_wireless_controllers:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:catalyst_9800-cl_wireless_controllers_for_cloud:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:embedded_wireless_controller_on_catalyst_access_points:*:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-priv-esc-ybvHKO5
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
