Vulnerability Monitor

CVE-2022-20676


A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15.


Published

2022-04-15T15:15:12.353

Last Modified

2024-11-21T06:43:17.770

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.1 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-250
  • Type: Primary
    CWE-20

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | cisco | ios_xe | 16.12.1z2 | Yes |
| Operating System | cisco | ios_xe | 17.2.1 | Yes |
| Operating System | cisco | ios_xe | 17.2.1a | Yes |
| Operating System | cisco | ios_xe | 17.2.1r | Yes |
| Operating System | cisco | ios_xe | 17.2.1v | Yes |
| Operating System | cisco | ios_xe | 17.2.2 | Yes |
| Operating System | cisco | ios_xe | 17.2.3 | Yes |
| Operating System | cisco | ios_xe | 17.3.1 | Yes |
| Operating System | cisco | ios_xe | 17.3.1a | Yes |
| Operating System | cisco | ios_xe | 17.3.1w | Yes |
| Operating System | cisco | ios_xe | 17.3.1x | Yes |
| Operating System | cisco | ios_xe | 17.3.1z | Yes |
| Operating System | cisco | ios_xe | 17.3.2 | Yes |
| Operating System | cisco | ios_xe | 17.3.2a | Yes |
| Operating System | cisco | ios_xe | 17.3.3 | Yes |
| Operating System | cisco | ios_xe | 17.3.3a | Yes |
| Operating System | cisco | ios_xe | 17.3.4 | Yes |
| Operating System | cisco | ios_xe | 17.3.4a | Yes |
| Operating System | cisco | ios_xe | 17.3.4b | Yes |
| Operating System | cisco | ios_xe | 17.3.4c | Yes |
| Operating System | cisco | ios_xe | 17.4.1 | Yes |
| Operating System | cisco | ios_xe | 17.4.1a | Yes |
| Operating System | cisco | ios_xe | 17.4.1b | Yes |
| Operating System | cisco | ios_xe | 17.4.1c | Yes |
| Operating System | cisco | ios_xe | 17.4.2 | Yes |
| Operating System | cisco | ios_xe | 17.4.2a | Yes |
| Operating System | cisco | ios_xe | 17.5.1 | Yes |
| Operating System | cisco | ios_xe | 17.5.1a | Yes |
| Operating System | cisco | ios_xe | 17.5.1c | Yes |