How severe is CVE-2022-20799?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2022-20799?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2022-20799 - HIGH Severity | CVSS 7.2

Vulnerability Description

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.

Related Vulnerabilities

CVE-2015-4046

HIGH

CVSS:7.2(High)

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.

CWE-772015

CVE-2016-6656

HIGH

CVSS:7.2(High)

An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order...

CWE-772016

CVE-2016-8801

HIGH

CVSS:7.2(High)

Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command ...

CWE-772016

CVE-2016-9553

HIGH

CVSS:7.2(High)

The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/...

CWE-772016

CVE-2016-9554

HIGH

CVSS:7.2(High)

The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur...

CWE-772016

CVE-2017-12075

HIGH

CVSS:7.2(High)

Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.

CWE-772017