What is CVE-2022-20724?

CVE-2022-20724 is a medium-severity vulnerability in Cisco Cgr1000_compute_module, classified under Path Traversal. CVSS score: 5.5/10. Published 2022-04-15.

How severe is CVE-2022-20724?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Path Traversal in Cisco Cgr1000_compute_module

CVE-2022-20724

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.012 (64.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N.

Affected products

Cisco Cgr1000_compute_module
Cisco Ios — versions n/a
Cisco Ic3000_industrial_compute_gateway
Cisco Ios — versions 15.2\(5\)e1, 15.2\(5\)e2c, 15.2\(6\)e0a
Cisco Ios_xe — versions 16.3.1, 16.3.1a, 16.3.2

Weakness classification (CWE)

References

psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
psirt@cisco.com (Exploit, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2022-20724?: CVE-2022-20724 is a medium-severity vulnerability in Cisco Cgr1000_compute_module, classified under Path Traversal. CVSS score: 5.5/10. Published 2022-04-15.
How severe is CVE-2022-20724?: Medium severity. CVSS v3 base score is 5.5 out of 10.