XSS in Cisco 800m_integrated_services_router
CVE-2022-20725
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.006 (43.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N.
Affected products
- Cisco 800m_integrated_services_router
- Cisco 807_industrial_integrated_services_router
- Cisco 812_3g_integrated_services_router
- Cisco 812_cifi_integrated_services_router
- Cisco 819_hardened_dual_radio_802.11n_wifi_integrated_services_router
- Cisco 819_hardened_integrated_services_router
- Cisco 829_industrial_integrated_services_router
- Cisco 860vae-w_integrated_services_router
- Cisco 861_integrated_services_router
- Cisco 861w_integrated_services_router
Weakness classification (CWE)
References
- psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- psirt@cisco.com (Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-20725?
- CVE-2022-20725 is a medium-severity vulnerability in Cisco 800m_integrated_services_router, classified under Path Traversal. CVSS score: 5.5/10. Published 2022-04-15.
- How severe is CVE-2022-20725?
- Medium severity. CVSS v3 base score is 5.5 out of 10.