What is CVE-2022-20677?

CVE-2022-20677 is a medium-severity vulnerability in Cisco 1100-4g_integrated_services_router, classified under Path Traversal. CVSS score: 5.5/10. Published 2022-04-15.

How severe is CVE-2022-20677?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Path Traversal in Cisco 1100-4g_integrated_services_router

CVE-2022-20677

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.006 (43.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N.

Affected products

Cisco 1100-4g_integrated_services_router
Cisco 1100-6g_integrated_services_router
Cisco 1101_integrated_services_router
Cisco 1109_integrated_services_router
Cisco 1111x_integrated_services_router
Cisco 111x_integrated_services_router
Cisco 1120_integrated_services_router
Cisco 1131_integrated_services_router
Cisco 1160_integrated_services_router
Cisco 4221_integrated_services_router

Weakness classification (CWE)

CWE-22 — Path Traversal
CWE-326 — Inadequate Encryption Strength

References

psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2022-20677?: CVE-2022-20677 is a medium-severity vulnerability in Cisco 1100-4g_integrated_services_router, classified under Path Traversal. CVSS score: 5.5/10. Published 2022-04-15.
How severe is CVE-2022-20677?: Medium severity. CVSS v3 base score is 5.5 out of 10.