{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-20652","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2021-11-02T13:28:29.036Z","datePublished":"2024-11-15T15:58:58.429Z","dateUpdated":"2024-11-19T16:08:33.640Z"},"containers":{"cna":{"title":"Cisco Tetration Command Injection Vulnerability","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}}],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system.\r\nThis vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted HTTP message to the affected system. A successful exploit could allow the attacker to execute commands with root-level privileges. To exploit this vulnerability, an attacker would need valid administrator-level credentials.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO","name":"cisco-sa-tetr-cmd-injc-skrwGO"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe"}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-tetr-cmd-injc-skrwGO","discovery":"INTERNAL","defects":["CSCvz80034"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","type":"cwe","cweId":"CWE-78"}]}],"affected":[{"vendor":"Cisco","product":"Cisco Secure Workload","versions":[{"version":"2.2.1.41","status":"affected"},{"version":"3.2.1.18","status":"affected"},{"version":"3.3.2.50","status":"affected"},{"version":"3.4.1.28","status":"affected"},{"version":"3.4.1.34","status":"affected"},{"version":"2.3.1.45","status":"affected"},{"version":"2.3.1.41","status":"affected"},{"version":"3.3.2.28","status":"affected"},{"version":"3.1.1.59","status":"affected"},{"version":"2.0.2.20","status":"affected"},{"version":"2.1.1.33","status":"affected"},{"version":"2.1.1.29","status":"affected"},{"version":"3.2.1.28","status":"affected"},{"version":"3.4.1.35","status":"affected"},{"version":"3.1.1.65","status":"affected"},{"version":"3.1.1.67","status":"affected"},{"version":"2.0.1.34","status":"affected"},{"version":"2.3.1.49","status":"affected"},{"version":"2.2.1.39","status":"affected"},{"version":"3.4.1.19","status":"affected"},{"version":"3.3.2.23","status":"affected"},{"version":"3.1.1.61","status":"affected"},{"version":"3.1.1.54","status":"affected"},{"version":"3.5.1.17","status":"affected"},{"version":"3.3.2.33","status":"affected"},{"version":"3.5.1.1","status":"affected"},{"version":"2.3.1.53","status":"affected"},{"version":"3.5.1.20","status":"affected"},{"version":"3.5.1.30","status":"affected"},{"version":"3.3.2.16","status":"affected"},{"version":"3.4.1.6","status":"affected"},{"version":"2.3.1.50","status":"affected"},{"version":"2.3.1.52","status":"affected"},{"version":"3.2.1.19","status":"affected"},{"version":"2.2.1.35","status":"affected"},{"version":"3.1.1.53","status":"affected"},{"version":"3.1.1.70","status":"affected"},{"version":"3.2.1.20","status":"affected"},{"version":"3.5.1.2","status":"affected"},{"version":"1.103.1.12","status":"affected"},{"version":"2.3.1.51","status":"affected"},{"version":"3.3.2.42","status":"affected"},{"version":"3.4.1.1","status":"affected"},{"version":"3.3.2.12","status":"affected"},{"version":"2.1.1.31","status":"affected"},{"version":"3.5.1.23","status":"affected"},{"version":"3.3.2.53","status":"affected"},{"version":"3.4.1.14","status":"affected"},{"version":"3.3.2.2","status":"affected"},{"version":"3.4.1.20","status":"affected"},{"version":"3.3.2.35","status":"affected"},{"version":"1.102.21","status":"affected"},{"version":"3.3.2.5","status":"affected"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-11-15T15:58:58.429Z"}},"adp":[{"affected":[{"vendor":"cisco","product":"secure_workload","cpes":["cpe:2.3:a:cisco:secure_workload:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"3.5.1.37","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-15T19:42:12.340434Z","id":"CVE-2022-20652","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-19T16:08:33.640Z"}}]}}