Execution with unnecessary privileges in Cisco Systems, Inc Operating systems & Components

#VU62326 Execution with unnecessary privileges in Cisco Systems, Inc Operating systems & Components

Published: 2022-04-14

Vulnerability identifier: #VU62326

Vulnerability risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-20677

CWE-ID: CWE-250

Exploitation vector: Local

Exploit availability: No

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incomplete file protection for the Cisco IOx application hosting environment. A local user with privilege level 15 can execute arbitrary commands as root.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

800 Series Industrial Integrated Services Routers: All versions

800 Series Integrated Services Routers: All versions

CGR1000 Compute Modules: All versions

Industrial Ethernet 4000 Series Switches: All versions

Cisco 1000 Series Integrated Services Routers: All versions

4000 Series Integrated Services Routers: All versions

Cisco ASR 1000 Series Aggregation Services Routers: All versions

Catalyst 9x00 Series Switches: All versions

Catalyst IE3400 Rugged Series: All versions

Embedded Services 3300 Series Switches: All versions

IR510 WPAN Industrial Routers: All versions

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Execution with unnecessary privileges in Cisco IOx Application Hosting Environment