CVE-2022-20719: Cisco IOx Application Hosting Environment Vulnerabilities
First published: Fri Apr 15 2022(Updated: )
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE Software | =16.3.1 | |
| Cisco IOS XE Software | =16.3.1a | |
| Cisco IOS XE Software | =16.3.2 | |
| Cisco IOS XE Software | =16.3.3 | |
| Cisco IOS XE Software | =16.3.4 | |
| Cisco IOS XE Software | =16.3.5 | |
| Cisco IOS XE Software | =16.3.5b | |
| Cisco IOS XE Software | =16.3.6 | |
| Cisco IOS XE Software | =16.3.7 | |
| Cisco IOS XE Software | =16.3.8 | |
| Cisco IOS XE Software | =16.3.9 | |
| Cisco IOS XE Software | =16.3.10 | |
| Cisco IOS XE Software | =16.3.11 | |
| Cisco IOS XE Software | =16.4.1 | |
| Cisco IOS XE Software | =16.4.2 | |
| Cisco IOS XE Software | =16.4.3 | |
| Cisco IOS XE Software | =16.5.1 | |
| Cisco IOS XE Software | =16.5.1a | |
| Cisco IOS XE Software | =16.5.1b | |
| Cisco IOS XE Software | =16.5.2 | |
| Cisco IOS XE Software | =16.5.3 | |
| Cisco IOS XE Software | =16.6.1 | |
| Cisco IOS XE Software | =16.6.2 | |
| Cisco IOS XE Software | =16.6.3 | |
| Cisco IOS XE Software | =16.6.4 | |
| Cisco IOS XE Software | =16.6.4a | |
| Cisco IOS XE Software | =16.6.4s | |
| Cisco IOS XE Software | =16.6.5 | |
| Cisco IOS XE Software | =16.6.5a | |
| Cisco IOS XE Software | =16.6.5b | |
| Cisco IOS XE Software | =16.6.6 | |
| Cisco IOS XE Software | =16.6.7 | |
| Cisco IOS XE Software | =16.6.7a | |
| Cisco IOS XE Software | =16.6.8 | |
| Cisco IOS XE Software | =16.6.9 | |
| Cisco IOS XE Software | =16.6.10 | |
| Cisco IOS XE Software | =16.7.1 | |
| Cisco IOS XE Software | =16.7.1a | |
| Cisco IOS XE Software | =16.7.1b | |
| Cisco IOS XE Software | =16.7.2 | |
| Cisco IOS XE Software | =16.7.3 | |
| Cisco IOS XE Software | =16.7.4 | |
| Cisco IOS XE Software | =16.8.1 | |
| Cisco IOS XE Software | =16.8.1a | |
| Cisco IOS XE Software | =16.8.1b | |
| Cisco IOS XE Software | =16.8.1c | |
| Cisco IOS XE Software | =16.8.1d | |
| Cisco IOS XE Software | =16.8.1e | |
| Cisco IOS XE Software | =16.8.1s | |
| Cisco IOS XE Software | =16.8.2 | |
| Cisco IOS XE Software | =16.8.3 | |
| Cisco IOS XE Software | =16.9.1 | |
| Cisco IOS XE Software | =16.9.1a | |
| Cisco IOS XE Software | =16.9.1b | |
| Cisco IOS XE Software | =16.9.1c | |
| Cisco IOS XE Software | =16.9.1d | |
| Cisco IOS XE Software | =16.9.1s | |
| Cisco IOS XE Software | =16.9.2 | |
| Cisco IOS XE Software | =16.9.2a | |
| Cisco IOS XE Software | =16.9.2s | |
| Cisco IOS XE Software | =16.9.3 | |
| Cisco IOS XE Software | =16.9.3a | |
| Cisco IOS XE Software | =16.9.3h | |
| Cisco IOS XE Software | =16.9.3s | |
| Cisco IOS XE Software | =16.9.4 | |
| Cisco IOS XE Software | =16.9.4c | |
| Cisco IOS XE Software | =16.9.5 | |
| Cisco IOS XE Software | =16.9.5f | |
| Cisco IOS XE Software | =16.9.6 | |
| Cisco IOS XE Software | =16.9.7 | |
| Cisco IOS XE Software | =16.9.8 | |
| Cisco IOS XE Software | =16.10.1 | |
| Cisco IOS XE Software | =16.10.1a | |
| Cisco IOS XE Software | =16.10.1b | |
| Cisco IOS XE Software | =16.10.1c | |
| Cisco IOS XE Software | =16.10.1d | |
| Cisco IOS XE Software | =16.10.1e | |
| Cisco IOS XE Software | =16.10.1f | |
| Cisco IOS XE Software | =16.10.1g | |
| Cisco IOS XE Software | =16.10.1s | |
| Cisco IOS XE Software | =16.10.2 | |
| Cisco IOS XE Software | =16.10.3 | |
| Cisco IOS XE Software | =16.11.1 | |
| Cisco IOS XE Software | =16.11.1a | |
| Cisco IOS XE Software | =16.11.1b | |
| Cisco IOS XE Software | =16.11.1c | |
| Cisco IOS XE Software | =16.11.1s | |
| Cisco IOS XE Software | =16.11.2 | |
| Cisco IOS XE Software | =16.12.1 | |
| Cisco IOS XE Software | =16.12.1a | |
| Cisco IOS XE Software | =16.12.1c | |
| Cisco IOS XE Software | =16.12.1s | |
| Cisco IOS XE Software | =16.12.1t | |
| Cisco IOS XE Software | =16.12.1w | |
| Cisco IOS XE Software | =16.12.1x | |
| Cisco IOS XE Software | =16.12.1y | |
| Cisco IOS XE Software | =16.12.2 | |
| Cisco IOS XE Software | =16.12.2a | |
| Cisco IOS XE Software | =16.12.2s | |
| Cisco IOS XE Software | =16.12.2t | |
| Cisco IOS XE Software | =16.12.3 | |
| Cisco IOS XE Software | =16.12.3a | |
| Cisco IOS XE Software | =16.12.3s | |
| Cisco IOS XE Software | =16.12.4 | |
| Cisco IOS XE Software | =16.12.4a | |
| Cisco IOS XE Software | =16.12.5 | |
| Cisco IOS XE Software | =16.12.5a | |
| Cisco IOS XE Software | =17.1.1 | |
| Cisco IOS XE Software | =17.1.1a | |
| Cisco IOS XE Software | =17.1.1s | |
| Cisco IOS XE Software | =17.1.1t | |
| Cisco IOS XE Software | =17.1.2 | |
| Cisco IOS XE Software | =17.1.3 | |
| Cisco IOS XE Software | =17.2.1 | |
| Cisco IOS XE Software | =17.2.1a | |
| Cisco IOS XE Software | =17.2.1r | |
| Cisco IOS XE Software | =17.2.1v | |
| Cisco IOS XE Software | =17.2.2 | |
| Cisco IOS XE Software | =17.2.3 | |
| Cisco IOS XE Software | =17.3.1 | |
| Cisco IOS XE Software | =17.3.1a | |
| Cisco IOS XE Software | =17.3.1w | |
| Cisco IOS XE Software | =17.3.1x | |
| Cisco IOS XE Software | =17.3.1z | |
| Cisco IOS XE Software | =17.3.2 | |
| Cisco IOS XE Software | =17.3.2a | |
| Cisco IOS XE Software | =17.3.3 | |
| Cisco IOS XE Software | =17.3.3a | |
| Cisco IOS XE Software | =17.3.4 | |
| Cisco IOS XE Software | =17.3.4a | |
| Cisco IOS XE Software | =17.3.4b | |
| Cisco IOS XE Software | =17.3.4c | |
| Cisco IOS XE Software | =17.4.1 | |
| Cisco IOS XE Software | =17.4.1a | |
| Cisco IOS XE Software | =17.4.1b | |
| Cisco IOS XE Software | =17.4.1c | |
| Cisco IOS XE Software | =17.4.2 | |
| Cisco IOS XE Software | =17.4.2a | |
| Cisco IOS XE Software | =17.5.1 | |
| Cisco IOS XE Software | =17.5.1a | |
| Cisco IOS XE Software | =17.6.1 | |
| Cisco IOS XE Software | =17.6.1a | |
| Cisco IR510 Operating System | ||
| Cisco IOS XE Software |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-20719?
CVE-2022-20719 is rated as high severity due to its potential to allow arbitrary command injection and code execution on the underlying host operating system.
How do I fix CVE-2022-20719?
To fix CVE-2022-20719, you should update the affected Cisco IOS XE or IR510 Operating Systems to the latest versions recommended by Cisco.
What platforms are affected by CVE-2022-20719?
CVE-2022-20719 affects multiple Cisco platforms running the Cisco IOx application hosting environment.
What types of attacks can be executed through CVE-2022-20719?
Exploitation of CVE-2022-20719 can allow attackers to inject arbitrary commands and execute malicious code on the underlying host operating system.
Is CVE-2022-20719 actively being exploited?
As of now, there is no public indication that CVE-2022-20719 is actively being exploited in the wild, but organizations should still apply mitigations promptly.
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/severity
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco ios xe software
- version/cisco ios xe software/16.3.1
- version/cisco ios xe software/16.3.1a
- version/cisco ios xe software/16.3.2
- version/cisco ios xe software/16.3.3
- version/cisco ios xe software/16.3.4
- version/cisco ios xe software/16.3.5
- version/cisco ios xe software/16.3.5b
- version/cisco ios xe software/16.3.6
- version/cisco ios xe software/16.3.7
- version/cisco ios xe software/16.3.8
- version/cisco ios xe software/16.3.9
- version/cisco ios xe software/16.3.10
- version/cisco ios xe software/16.3.11
- version/cisco ios xe software/16.4.1
- version/cisco ios xe software/16.4.2
- version/cisco ios xe software/16.4.3
- version/cisco ios xe software/16.5.1
- version/cisco ios xe software/16.5.1a
- version/cisco ios xe software/16.5.1b
- version/cisco ios xe software/16.5.2
- version/cisco ios xe software/16.5.3
- version/cisco ios xe software/16.6.1
- version/cisco ios xe software/16.6.2
- version/cisco ios xe software/16.6.3
- version/cisco ios xe software/16.6.4
- version/cisco ios xe software/16.6.4a
- version/cisco ios xe software/16.6.4s
- version/cisco ios xe software/16.6.5
- version/cisco ios xe software/16.6.5a
- version/cisco ios xe software/16.6.5b
- version/cisco ios xe software/16.6.6
- version/cisco ios xe software/16.6.7
- version/cisco ios xe software/16.6.7a
- version/cisco ios xe software/16.6.8
- version/cisco ios xe software/16.6.9
- version/cisco ios xe software/16.6.10
- version/cisco ios xe software/16.7.1
- version/cisco ios xe software/16.7.1a
- version/cisco ios xe software/16.7.1b
- version/cisco ios xe software/16.7.2
- version/cisco ios xe software/16.7.3
- version/cisco ios xe software/16.7.4
- version/cisco ios xe software/16.8.1
- version/cisco ios xe software/16.8.1a
- version/cisco ios xe software/16.8.1b
- version/cisco ios xe software/16.8.1c
- version/cisco ios xe software/16.8.1d
- version/cisco ios xe software/16.8.1e
- version/cisco ios xe software/16.8.1s
- version/cisco ios xe software/16.8.2
- version/cisco ios xe software/16.8.3
- version/cisco ios xe software/16.9.1
- version/cisco ios xe software/16.9.1a
- version/cisco ios xe software/16.9.1b
- version/cisco ios xe software/16.9.1c
- version/cisco ios xe software/16.9.1d
- version/cisco ios xe software/16.9.1s
- version/cisco ios xe software/16.9.2
- version/cisco ios xe software/16.9.2a
- version/cisco ios xe software/16.9.2s
- version/cisco ios xe software/16.9.3
- version/cisco ios xe software/16.9.3a
- version/cisco ios xe software/16.9.3h
- version/cisco ios xe software/16.9.3s
- version/cisco ios xe software/16.9.4
- version/cisco ios xe software/16.9.4c
- version/cisco ios xe software/16.9.5
- version/cisco ios xe software/16.9.5f
- version/cisco ios xe software/16.9.6
- version/cisco ios xe software/16.9.7
- version/cisco ios xe software/16.9.8
- version/cisco ios xe software/16.10.1
- version/cisco ios xe software/16.10.1a
- version/cisco ios xe software/16.10.1b
- version/cisco ios xe software/16.10.1c
- version/cisco ios xe software/16.10.1d
- version/cisco ios xe software/16.10.1e
- version/cisco ios xe software/16.10.1f
- version/cisco ios xe software/16.10.1g
- version/cisco ios xe software/16.10.1s
- version/cisco ios xe software/16.10.2
- version/cisco ios xe software/16.10.3
- version/cisco ios xe software/16.11.1
- version/cisco ios xe software/16.11.1a
- version/cisco ios xe software/16.11.1b
- version/cisco ios xe software/16.11.1c
- version/cisco ios xe software/16.11.1s
- version/cisco ios xe software/16.11.2
- version/cisco ios xe software/16.12.1
- version/cisco ios xe software/16.12.1a
- version/cisco ios xe software/16.12.1c
- version/cisco ios xe software/16.12.1s
- version/cisco ios xe software/16.12.1t
- version/cisco ios xe software/16.12.1w
- version/cisco ios xe software/16.12.1x
- version/cisco ios xe software/16.12.1y
- version/cisco ios xe software/16.12.2
- version/cisco ios xe software/16.12.2a
- version/cisco ios xe software/16.12.2s
- version/cisco ios xe software/16.12.2t
- version/cisco ios xe software/16.12.3
- version/cisco ios xe software/16.12.3a
- version/cisco ios xe software/16.12.3s
- version/cisco ios xe software/16.12.4
- version/cisco ios xe software/16.12.4a
- version/cisco ios xe software/16.12.5
- version/cisco ios xe software/16.12.5a
- version/cisco ios xe software/17.1.1
- version/cisco ios xe software/17.1.1a
- version/cisco ios xe software/17.1.1s
- version/cisco ios xe software/17.1.1t
- version/cisco ios xe software/17.1.2
- version/cisco ios xe software/17.1.3
- version/cisco ios xe software/17.2.1
- version/cisco ios xe software/17.2.1a
- version/cisco ios xe software/17.2.1r
- version/cisco ios xe software/17.2.1v
- version/cisco ios xe software/17.2.2
- version/cisco ios xe software/17.2.3
- version/cisco ios xe software/17.3.1
- version/cisco ios xe software/17.3.1a
- version/cisco ios xe software/17.3.1w
- version/cisco ios xe software/17.3.1x
- version/cisco ios xe software/17.3.1z
- version/cisco ios xe software/17.3.2
- version/cisco ios xe software/17.3.2a
- version/cisco ios xe software/17.3.3
- version/cisco ios xe software/17.3.3a
- version/cisco ios xe software/17.3.4
- version/cisco ios xe software/17.3.4a
- version/cisco ios xe software/17.3.4b
- version/cisco ios xe software/17.3.4c
- version/cisco ios xe software/17.4.1
- version/cisco ios xe software/17.4.1a
- version/cisco ios xe software/17.4.1b
- version/cisco ios xe software/17.4.1c
- version/cisco ios xe software/17.4.2
- version/cisco ios xe software/17.4.2a
- version/cisco ios xe software/17.5.1
- version/cisco ios xe software/17.5.1a
- version/cisco ios xe software/17.6.1
- version/cisco ios xe software/17.6.1a
- canonical/cisco ir510 operating system