20220928 Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points Privilege Escalation Vulnerability

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.

  - A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless     Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the     restricted controller shell and execute arbitrary commands on the underlying operating system of the     access point. This vulnerability is due to improper checks throughout the restart of certain system     processes. An attacker could exploit this vulnerability by logging on to an affected device and executing     certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the     underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid     credentials for a privilege level 15 user of the wireless controller. (CVE-2022-20855)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

CVE-2022-20855

medium

Tenable Plugins

medium