Cyber Resilience

CVE-2022-20650

High · RCE

Published: 23 February 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0346 (87.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-20650 is a high-severity OS Command Injection (CWE-78) vulnerability in Cisco NX-OS. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 12.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

A vulnerability in the NX-API feature of Cisco NX-OS Software allows an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. The issue stems from insufficient input validation of user-supplied data sent to the NX-API and is tracked as CWE-78. The NX-API component is disabled by default, and the flaw carries a CVSS 3.1 score of 8.8.

An attacker with valid credentials can exploit the weakness by sending a crafted HTTP POST request to the NX-API endpoint of an affected device. Successful exploitation grants the ability to run arbitrary commands as root without further user interaction.

The referenced Cisco Security Advisory cisco-sa-nxos-nxapi-cmdinject-ULukNMZ2 addresses the issue and notes that the NX-API feature remains disabled by default as a key control.

EPSS for this CVE rose from lower values to a peak of 0.0977 before receding to the current 0.0346, indicating a period of increased exploitation interest after disclosure.

EU & UK References

Vulnerability details

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: cisco
Product: nx-os
Versions: 10.2(1.72), 7.3(8)n1(0.4)

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References