What is CVE-2022-20727?

CVE-2022-20727 is a medium-severity vulnerability in Cisco Cgr1000_compute_module, classified under Path Traversal. CVSS score: 5.5/10. Published 2022-04-15.

How severe is CVE-2022-20727?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Path Traversal in Cisco Cgr1000_compute_module

CVE-2022-20727

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.010 (58.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N.

Affected products

Cisco Cgr1000_compute_module
Cisco Ios — versions n/a
Cisco Ic3000_industrial_compute_gateway
Cisco Ios — versions 15.2\(5\)e1, 15.2\(6\)e0a, 15.2\(6\)e1
Cisco Ios_xe — versions 16.3.1, 16.3.1a, 16.3.2
Cisco Ir510_operating_system

Weakness classification (CWE)

CWE-22 — Path Traversal

References

psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2022-20727?: CVE-2022-20727 is a medium-severity vulnerability in Cisco Cgr1000_compute_module, classified under Path Traversal. CVSS score: 5.5/10. Published 2022-04-15.
How severe is CVE-2022-20727?: Medium severity. CVSS v3 base score is 5.5 out of 10.