Cyber Resilience

CVE-2022-20865

Medium

Published: 25 August 2022

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0022 (44.2th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-20865 is a medium-severity OS Command Injection (CWE-78) vulnerability in Cisco Firepower 4110 Firmware. Its CVSS base score is 6.7 (Medium).

Operationally, it ranks at the 44.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco | firepower 4110 firmware | all versions
cisco | firepower 4112 firmware | all versions
cisco | firepower 4115 firmware | all versions
cisco | firepower 4120 firmware | all versions
cisco | firepower 4125 firmware | all versions
cisco | firepower 4140 firmware | all versions
cisco | firepower 4145 firmware | all versions
cisco | firepower 4150 firmware | all versions
cisco | firepower 9300 sm-40 firmware | all versions
cisco | firepower 9300 sm-48 firmware | all versions
+2 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References