7.9
HIGH
CVE-2022-20855
"Cisco Catalyst Access Point Cisco IOS XE Software Command Execution Vulnerability"
Description

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.

INFO

Published Date :

Sept. 30, 2022, 7:15 p.m.

Last Modified :

Nov. 21, 2024, 6:43 a.m.

Remotely Exploitable :

No

Impact Score :

5.8

Exploitability Score :

1.5
Public PoC/Exploit Available at Github

CVE-2022-20855 has a 2 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2022-20855 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Cisco ios_xe
2 Cisco catalyst_9800
3 Cisco catalyst_9800-40
4 Cisco catalyst_9800-80
5 Cisco catalyst_9800-cl
6 Cisco catalyst_9800-l
7 Cisco catalyst_9800-l-c
8 Cisco catalyst_9800-l-f
9 Cisco catalyst_9105
10 Cisco catalyst_9115
11 Cisco catalyst_9117
12 Cisco catalyst_9120
13 Cisco catalyst_9130
14 Cisco catalyst_9115_ap
15 Cisco catalyst_9117_ap
16 Cisco catalyst_9120_ap
17 Cisco catalyst_9130_ap
18 Cisco catalyst_9105axi
19 Cisco catalyst_9105axw
20 Cisco catalyst_9115axe
21 Cisco catalyst_9115axi
22 Cisco catalyst_9117axi
23 Cisco catalyst_9120axe
24 Cisco catalyst_9120axi
25 Cisco catalyst_9120axp
26 Cisco catalyst_9124
27 Cisco catalyst_9124axd
28 Cisco catalyst_9124axi
29 Cisco catalyst_9130axe
30 Cisco catalyst_9130axi
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-20855.

URL Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Proof-of-Concept Exploits Based On Known CVE's

cve cybersecurity educational proof-of-concept security

Python C Shell C++

Updated: 4 months, 1 week ago
6 stars 1 fork 1 watcher
Born at : Feb. 24, 2023, 10:59 a.m. This repo has been linked 4 different CVEs too.

test 反向辣鸡数据投放 CVE-2022-23305 工具 利用 教程 Exploit POC

cve-2020-

Updated: 2 years, 1 month ago
5 stars 2 fork 2 watcher
Born at : Jan. 21, 2022, 5:07 a.m. This repo has been linked 2633 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-20855 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2022-20855 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Removed CVSS V3 Cisco Systems, Inc. AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
    Added CVSS V3.1 Cisco Systems, Inc. AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
  • CPE Deprecation Remap by [email protected]

    Oct. 27, 2022

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:cisco:ios_xe:17.6.1:*:*:*:*:*:*:* OR *cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*
  • Initial Analysis by [email protected]

    Oct. 05, 2022

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK No Types Assigned https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewc-priv-esc-nderYLtK Vendor Advisory
    Added CWE NIST CWE-78
    Added CPE Configuration AND OR *cpe:2.3:a:cisco:ios_xe:17.6.1:*:*:*:*:*:*:* OR cpe:2.3:h:cisco:catalyst_9105:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9105axi:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9105axw:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9115:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9115_ap:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9115axe:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9115axi:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9117:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9117_ap:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9117axi:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9120:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9120_ap:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9120axe:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9120axi:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9120axp:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9124:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9124axd:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9124axi:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9130_ap:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9130axe:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9130axi:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9800:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-20855 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.05784

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability