CVE-2022-20652

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 15, 2024

CWE ID 78

Summary

CVE-2022-20652 is a vulnerability affecting the web-based management interface and API subsystem of Cisco Tetration. This issue permits authenticated, remote attackers to inject arbitrary commands that can be executed with root-level privileges on the underlying operating system due to insufficient input validation. An attacker could exploit this flaw by submitting a specially crafted HTTP message to the affected system. Successful exploitation could lead to the execution of commands with administrative privileges, requiring valid administrator-level credentials to exploit this vulnerability. Cisco has released software updates addressing this vulnerability, and no workarounds are currently available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Know What Matters

For Customers

For Partners