What is the severity of CVE-2022-20726?

CVE-2022-20726 is rated as critical due to its potential to allow remote code execution on affected Cisco devices.

How do I fix CVE-2022-20726?

To fix CVE-2022-20726, users should update affected devices to the latest Cisco IOS version that addresses this vulnerability.

What platforms are affected by CVE-2022-20726?

CVE-2022-20726 affects multiple Cisco platforms, including the CGR 1000 Compute Module and various versions of Cisco IOS.

How can CVE-2022-20726 be exploited?

Attackers can exploit CVE-2022-20726 by injecting malicious commands into the underlying host operating system of affected devices.

What are the potential impacts of CVE-2022-20726?

The potential impacts of CVE-2022-20726 include unauthorized access, data loss, system compromise, and the ability to execute arbitrary code.

Vulnerability/
CVE-2022-20726

high

7.5

CWE

755 22 79

15/4/2022

6/11/2024

CVE-2022-20726: Cisco IOx Application Hosting Environment Vulnerabilities

First published: Fri Apr 15 2022(Updated: )

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco CGR 1000 Compute Module
Cisco IC3000 Industrial Compute Gateway firmware
Cisco IOS
Cisco IOS	=15.2\(5\)e1
Cisco IOS	=15.2\(5\)e2c
Cisco IOS	=15.2\(6\)e0a
Cisco IOS	=15.2\(6\)e1
Cisco IOS	=15.2\(6\)e2a
Cisco IOS	=15.2\(7\)e
Cisco IOS	=15.2\(7\)e0b
Cisco IOS	=15.2\(7\)e0s
Cisco IOS	=15.6\(1\)t1
Cisco IOS	=15.6\(1\)t2
Cisco IOS	=15.6\(1\)t3
Cisco IOS	=15.6\(2\)t
Cisco IOS	=15.6\(2\)t1
Cisco IOS	=15.6\(2\)t2
Cisco IOS	=15.6\(2\)t3
Cisco IOS	=15.6\(3\)m
Cisco IOS	=15.6\(3\)m0a
Cisco IOS	=15.6\(3\)m1
Cisco IOS	=15.6\(3\)m1b
Cisco IOS	=15.6\(3\)m2
Cisco IOS	=15.6\(3\)m3
Cisco IOS	=15.6\(3\)m3a
Cisco IOS	=15.6\(3\)m4
Cisco IOS	=15.6\(3\)m5
Cisco IOS	=15.6\(3\)m6
Cisco IOS	=15.6\(3\)m6a
Cisco IOS	=15.6\(3\)m6b
Cisco IOS	=15.6\(3\)m7
Cisco IOS	=15.6\(3\)m8
Cisco IOS	=15.7\(3\)m
Cisco IOS	=15.7\(3\)m0a
Cisco IOS	=15.7\(3\)m1
Cisco IOS	=15.7\(3\)m2
Cisco IOS	=15.7\(3\)m3
Cisco IOS	=15.7\(3\)m4
Cisco IOS	=15.7\(3\)m4a
Cisco IOS	=15.7\(3\)m4b
Cisco IOS	=15.7\(3\)m5
Cisco IOS	=15.7\(3\)m6
Cisco IOS	=15.8\(3\)m
Cisco IOS	=15.8\(3\)m0a
Cisco IOS	=15.8\(3\)m1
Cisco IOS	=15.8\(3\)m2
Cisco IOS	=15.8\(3\)m2a
Cisco IOS	=15.8\(3\)m3
Cisco IOS	=15.8\(3\)m4
Cisco IOS	=15.8\(3\)m5
Cisco IOS	=15.8\(3\)m6
Cisco IOS	=15.8\(3\)m7
Cisco IOS	=15.9\(3\)m
Cisco IOS	=15.9\(3\)m1
Cisco IOS	=15.9\(3\)m2
Cisco IOS	=15.9\(3\)m2a
Cisco IOS	=15.9\(3\)m3
Cisco IOS	=15.9\(3\)m4
Cisco IOS	=15.9\(3\)m4a

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-yuXQ6hFj

Frequently Asked Questions

What is the severity of CVE-2022-20726?
CVE-2022-20726 is rated as critical due to its potential to allow remote code execution on affected Cisco devices.
How do I fix CVE-2022-20726?
To fix CVE-2022-20726, users should update affected devices to the latest Cisco IOS version that addresses this vulnerability.
What platforms are affected by CVE-2022-20726?
CVE-2022-20726 affects multiple Cisco platforms, including the CGR 1000 Compute Module and various versions of Cisco IOS.
How can CVE-2022-20726 be exploited?
Attackers can exploit CVE-2022-20726 by injecting malicious commands into the underlying host operating system of affected devices.
What are the potential impacts of CVE-2022-20726?
The potential impacts of CVE-2022-20726 include unauthorized access, data loss, system compromise, and the ability to execute arbitrary code.

agent/type
agent/author
agent/references
agent/weakness
agent/severity
agent/title
agent/description
agent/event
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
vendor/cisco
canonical/cisco cgr 1000 compute module
canonical/cisco ic3000 industrial compute gateway firmware
canonical/cisco ios
version/cisco ios/15.2\(5\)e1
version/cisco ios/15.2\(5\)e2c
version/cisco ios/15.2\(6\)e0a
version/cisco ios/15.2\(6\)e1
version/cisco ios/15.2\(6\)e2a
version/cisco ios/15.2\(7\)e
version/cisco ios/15.2\(7\)e0b
version/cisco ios/15.2\(7\)e0s
version/cisco ios/15.6\(1\)t1
version/cisco ios/15.6\(1\)t2
version/cisco ios/15.6\(1\)t3
version/cisco ios/15.6\(2\)t
version/cisco ios/15.6\(2\)t1
version/cisco ios/15.6\(2\)t2
version/cisco ios/15.6\(2\)t3
version/cisco ios/15.6\(3\)m
version/cisco ios/15.6\(3\)m0a
version/cisco ios/15.6\(3\)m1
version/cisco ios/15.6\(3\)m1b
version/cisco ios/15.6\(3\)m2
version/cisco ios/15.6\(3\)m3
version/cisco ios/15.6\(3\)m3a
version/cisco ios/15.6\(3\)m4
version/cisco ios/15.6\(3\)m5
version/cisco ios/15.6\(3\)m6
version/cisco ios/15.6\(3\)m6a
version/cisco ios/15.6\(3\)m6b
version/cisco ios/15.6\(3\)m7
version/cisco ios/15.6\(3\)m8
version/cisco ios/15.7\(3\)m
version/cisco ios/15.7\(3\)m0a
version/cisco ios/15.7\(3\)m1
version/cisco ios/15.7\(3\)m2
version/cisco ios/15.7\(3\)m3
version/cisco ios/15.7\(3\)m4
version/cisco ios/15.7\(3\)m4a
version/cisco ios/15.7\(3\)m4b
version/cisco ios/15.7\(3\)m5
version/cisco ios/15.7\(3\)m6
version/cisco ios/15.8\(3\)m
version/cisco ios/15.8\(3\)m0a
version/cisco ios/15.8\(3\)m1
version/cisco ios/15.8\(3\)m2
version/cisco ios/15.8\(3\)m2a
version/cisco ios/15.8\(3\)m3
version/cisco ios/15.8\(3\)m4
version/cisco ios/15.8\(3\)m5
version/cisco ios/15.8\(3\)m6
version/cisco ios/15.8\(3\)m7
version/cisco ios/15.9\(3\)m
version/cisco ios/15.9\(3\)m1
version/cisco ios/15.9\(3\)m2
version/cisco ios/15.9\(3\)m2a
version/cisco ios/15.9\(3\)m3
version/cisco ios/15.9\(3\)m4
version/cisco ios/15.9\(3\)m4a