What is CVE-2022-20652?

CVE-2022-20652 is a medium-severity vulnerability in Cisco Secure Workload, classified under OS Command Injection. CVSS score: 6.5/10. Published 2024-11-15.

How severe is CVE-2022-20652?

Medium severity. CVSS v3 base score is 6.5 out of 10.

RCE in Cisco Secure Workload

CVE-2022-20652

A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying o…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (31.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N.

Affected products

Cisco Secure Workload — versions 2.2.1.41, 3.2.1.18, 3.3.2.50

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

cisco-sa-tetr-cmd-injc-skrwGO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe

Frequently asked questions

What is CVE-2022-20652?: CVE-2022-20652 is a medium-severity vulnerability in Cisco Secure Workload, classified under OS Command Injection. CVSS score: 6.5/10. Published 2024-11-15.
How severe is CVE-2022-20652?: Medium severity. CVSS v3 base score is 6.5 out of 10.