CVE-2022-20934: CLI Command Injection in Cisco FTD/FXOS (Local Auth Root Exec)
CVE-2022-20934 Published on November 15, 2022
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials.
Vulnerability Analysis
CVE-2022-20934 is exploitable with local system access and requires user privileges. The vulnerability is rated as having low attack complexity. A successful exploit is rated as having a high impact on confidentiality and integrity and no impact on availability.
Weakness Type
What is a Command Injection Vulnerability?
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CVE-2022-20934 has been classified as a Command Injection vulnerability or weakness.
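The weakness described above is the general pattern of a restricted management CLI that splices an operator-supplied argument into an OS command string. The following is an added, constructed illustration of that pattern and its fix; it is not Cisco FTD/FXOS code and does not reproduce the specific commands affected by CVE-2022-20934. The command table, the `ping` subcommand, the hostname allowlist and the audit-log format are all assumptions made for the example. It also goes slightly beyond the definition by adding a defender-side check that flags audit-log entries whose arguments carry shell metacharacters.

```python
"""CWE-78 in a restricted management CLI: the weak string-splicing form beside
the hardened allowlist-plus-argv form, plus a small audit-log check.

Constructed, generic illustration.  Not Cisco FTD/FXOS code; the subcommand,
allowlist and log format are assumptions made for this example."""
import re
import shlex
import subprocess
from typing import Callable

# Allowlist for a hostname or IPv4 literal: letters, digits, dots, hyphens.
# Deliberately excludes whitespace and every shell metacharacter.
_HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")
# Characters that let a single argument turn into additional shell commands.
_SHELL_META = set(";&|`$<>(){}\n")


class InvalidArgument(ValueError):
    """Raised when an operator-supplied argument fails validation."""


def build_command_unsafe(host: str) -> str:
    """The weak pattern behind CWE-78: the operator's argument is spliced into
    a shell command string.  Run with shell=True, a ';', '|' or '$(...)' in
    `host` is parsed by the shell and the wrapper's restriction is gone."""
    return f"ping -c 4 {host}"


def build_command_safe(host: str) -> list[str]:
    """Hardened form: reject anything outside the allowlist, then build an
    argv list to be executed with shell=False so no shell parses the text."""
    if not _HOST_RE.fullmatch(host):
        raise InvalidArgument(f"rejected argument {host!r}")
    return ["ping", "-c", "4", host]


# Restricted command table: subcommand -> argv builder.  Only listed
# subcommands are reachable, and each builder validates its own argument.
_COMMANDS: dict[str, Callable[[str], list[str]]] = {
    "ping": build_command_safe,
}


def dispatch(line: str) -> list[str]:
    """Parse one operator CLI line and return the argv that would be run.
    shlex.split handles quoting but does not treat ';' as a separator, so
    '10.0.0.1;id' stays one token, reaches the validator and is rejected."""
    tokens = shlex.split(line)
    if len(tokens) != 2 or tokens[0] not in _COMMANDS:
        raise InvalidArgument(f"unknown or malformed command {line!r}")
    return _COMMANDS[tokens[0]](tokens[1])


def is_accepted(line: str) -> bool:
    """True if the restricted CLI would run `line`, False if it is rejected."""
    try:
        dispatch(line)
        return True
    except InvalidArgument:
        return False


def execute(line: str) -> subprocess.CompletedProcess:
    """Run a dispatched command without a shell (argv list, shell=False)."""
    return subprocess.run(dispatch(line), shell=False,
                          capture_output=True, text=True, check=False)


def flag_suspicious_arguments(audit_lines: list[str]) -> list[str]:
    """Defender-side check over a CLI audit log: return entries whose
    arguments carry shell metacharacters, which a restricted CLI should
    never see in legitimate use.  Constructed log format:
      '<timestamp> user=<name> cmd=<command line>'."""
    flagged = []
    for entry in audit_lines:
        _, _, cmd = entry.partition("cmd=")
        args = cmd.split()[1:]  # everything after the subcommand
        if any(ch in _SHELL_META for arg in args for ch in arg):
            flagged.append(entry)
    return flagged


# Constructed sample audit lines (not real device output).
SAMPLE_AUDIT = [
    "2022-11-15T10:00:01Z user=admin cmd=ping 10.0.0.1",
    "2022-11-15T10:00:07Z user=admin cmd=ping 10.0.0.1;id",
    "2022-11-15T10:00:12Z user=admin cmd=ping mgmt-gw.example.net",
    "2022-11-15T10:00:20Z user=admin cmd=ping `hostname`",
]

if __name__ == "__main__":
    print("unsafe string:", build_command_unsafe("10.0.0.1;id"))
    print("safe argv:    ", dispatch("ping 10.0.0.1"))
    print("accepted?     ", is_accepted("ping 10.0.0.1;id"))
    for entry in flag_suspicious_arguments(SAMPLE_AUDIT):
        print("flagged:      ", entry)
```

The two fixes work together: the allowlist rejects arguments that could carry shell syntax, and executing an argv list with `shell=False` means that even an argument which slipped past validation is handed to the program as a single string rather than parsed by a shell. The audit-log check is a cheap detection for the same class of input on devices where the validation cannot be changed.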
Products Associated with CVE-2022-20934
Affected Versions
Cisco Firepower Threat Defense Software:
- Version 6.2.3 is affected.
- Version 6.2.3.1 is affected.
- Version 6.2.3.2 is affected.
- Version 6.2.3.3 is affected.
- Version 6.2.3.4 is affected.
- Version 6.2.3.5 is affected.
- Version 6.2.3.6 is affected.
- Version 6.2.3.7 is affected.
- Version 6.2.3.8 is affected.
- Version 6.2.3.9 is affected.
- Version 6.2.3.10 is affected.
- Version 6.2.3.11 is affected.
- Version 6.2.3.12 is affected.
- Version 6.2.3.13 is affected.
- Version 6.2.3.14 is affected.
- Version 6.2.3.15 is affected.
- Version 6.2.3.16 is affected.
- Version 6.2.3.17 is affected.
- Version 6.2.3.18 is affected.
- Version 6.4.0 is affected.
- Version 6.4.0.1 is affected.
- Version 6.4.0.2 is affected.
- Version 6.4.0.3 is affected.
- Version 6.4.0.4 is affected.
- Version 6.4.0.5 is affected.
- Version 6.4.0.6 is affected.
- Version 6.4.0.7 is affected.
- Version 6.4.0.8 is affected.
- Version 6.4.0.9 is affected.
- Version 6.4.0.10 is affected.
- Version 6.4.0.11 is affected.
- Version 6.4.0.12 is affected.
- Version 6.4.0.13 is affected.
- Version 6.4.0.14 is affected.
- Version 6.4.0.15 is affected.
- Version 6.6.0 is affected.
- Version 6.6.0.1 is affected.
- Version 6.6.1 is affected.
- Version 6.6.3 is affected.
- Version 6.6.4 is affected.
- Version 6.6.5 is affected.
- Version 6.6.5.1 is affected.
- Version 6.6.5.2 is affected.
- Version 6.6.7 is affected.
- Version 6.7.0 is affected.
- Version 6.7.0.1 is affected.
- Version 6.7.0.2 is affected.
- Version 6.7.0.3 is affected.
- Version 7.0.0 is affected.
- Version 7.0.0.1 is affected.
- Version 7.0.1 is affected.
- Version 7.0.1.1 is affected.
- Version 7.0.2 is affected.
- Version 7.0.2.1 is affected.
- Version 7.0.3 is affected.
- Version 7.0.4 is affected.
- Version 7.1.0 is affected.
- Version 7.1.0.1 is affected.
- Version 7.1.0.2 is affected.
- Version 7.2.0 is affected.
- Version 7.2.0.1 is affected.
- Version 2.2.1.63 is affected.
- Version 2.2.1.66 is affected.
- Version 2.2.1.70 is affected.
- Version 2.2.2.17 is affected.
- Version 2.2.2.19 is affected.
- Version 2.2.2.24 is affected.
- Version 2.2.2.26 is affected.
- Version 2.2.2.28 is affected.
- Version 2.2.2.54 is affected.
- Version 2.2.2.60 is affected.
- Version 2.2.2.71 is affected.
- Version 2.2.2.83 is affected.
- Version 2.2.2.86 is affected.
- Version 2.2.2.91 is affected.
- Version 2.2.2.97 is affected.
- Version 2.2.2.101 is affected.
- Version 2.2.2.137 is affected.
- Version 2.2.2.148 is affected.
- Version 2.2.2.149 is affected.
- Version 2.3.1.56 is affected.
- Version 2.3.1.58 is affected.
- Version 2.3.1.66 is affected.
- Version 2.3.1.73 is affected.
- Version 2.3.1.75 is affected.
- Version 2.3.1.88 is affected.
- Version 2.3.1.91 is affected.
- Version 2.3.1.93 is affected.
- Version 2.3.1.99 is affected.
- Version 2.3.1.110 is affected.
- Version 2.3.1.111 is affected.
- Version 2.3.1.130 is affected.
- Version 2.3.1.144 is affected.
- Version 2.3.1.145 is affected.
- Version 2.3.1.155 is affected.
- Version 2.3.1.166 is affected.
- Version 2.3.1.173 is affected.
- Version 2.3.1.179 is affected.
- Version 2.3.1.180 is affected.
- Version 2.3.1.190 is affected.
- Version 2.3.1.215 is affected.
- Version 2.3.1.216 is affected.
- Version 2.3.1.219 is affected.
- Version 2.6.1.131 is affected.
- Version 2.6.1.157 is affected.
- Version 2.6.1.166 is affected.
- Version 2.6.1.169 is affected.
- Version 2.6.1.174 is affected.
- Version 2.6.1.187 is affected.
- Version 2.6.1.192 is affected.
- Version 2.6.1.204 is affected.
- Version 2.6.1.214 is affected.
- Version 2.6.1.224 is affected.
- Version 2.6.1.229 is affected.
- Version 2.6.1.230 is affected.
- Version 2.6.1.238 is affected.
- Version 2.6.1.239 is affected.
- Version 2.6.1.254 is affected.
- Version 2.8.1.105 is affected.
- Version 2.8.1.125 is affected.
- Version 2.8.1.139 is affected.
- Version 2.8.1.143 is affected.
- Version 2.8.1.152 is affected.
- Version 2.8.1.162 is affected.
- Version 2.8.1.164 is affected.
- Version 2.8.1.172 is affected.
- Version 2.9.1.131 is affected.
- Version 2.9.1.135 is affected.
- Version 2.9.1.143 is affected.
- Version 2.9.1.150 is affected.
- Version 2.9.1.158 is affected.
- Version 2.10.1.159 is affected.
- Version 2.10.1.166 is affected.
- Version 2.10.1.179 is affected.
- Version 2.11.1.154 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows how this score compares with those of all other scored vulnerabilities.