What is CVE-2022-20726?

CVE-2022-20726 is a medium-severity vulnerability in Cisco Cgr1000_compute_module, classified under Path Traversal. CVSS score: 5.5/10. Published 2022-04-15.

How severe is CVE-2022-20726?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Path Traversal in Cisco Cgr1000_compute_module

CVE-2022-20726

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.010 (59.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N.

Affected products

Cisco Cgr1000_compute_module
Cisco Ios — versions n/a
Cisco Ic3000_industrial_compute_gateway
Cisco Ios — versions 15.2\(5\)e1, 15.2\(5\)e2c, 15.2\(6\)e0a

Weakness classification (CWE)

References

psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2022-20726?: CVE-2022-20726 is a medium-severity vulnerability in Cisco Cgr1000_compute_module, classified under Path Traversal. CVSS score: 5.5/10. Published 2022-04-15.
How severe is CVE-2022-20726?: Medium severity. CVSS v3 base score is 5.5 out of 10.