Cisco Tetration Vulnerability Allowing Arbitrary Command Execution
CVE-2022-20652

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Secure Workload
Vendor: CVE Published:; 15 November 2024

Summary

A security flaw in the web-based management interface and API subsystem of Cisco Tetration enables an authenticated, remote attacker to inject arbitrary commands that execute with root-level privileges on the underlying operating system. Due to insufficient input validation, an attacker can craft a malicious HTTP message targeting the vulnerable system. Successful exploitation of this issue requires valid administrator-level credentials, which allows the attacker to gain control over critical system functions. Cisco has acknowledged the issue and released software updates to remediate the vulnerability, while no effective workarounds are available.

Affected Version(s)

Cisco Secure Workload 2.2.1.41

Cisco Secure Workload 3.2.1.18

Cisco Secure Workload 3.3.2.50

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2024
Vulnerability Reserved
Nov 2, 2021