How severe is CVE-2022-20649?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2022-20649?

This is classified as CWE-489, which is a common weakness in software security.

CVE-2022-20649 - HIGH Severity | CVSS 8.1

Vulnerability Description

A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user. The attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Related Vulnerabilities

CVE-2018-5454

HIGH

CVSS:8.1(High)

Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runt...

CWE-4892018

CVE-2022-29520

HIGH

CVSS:8.1(High)

An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary comman...

CWE-4892022

CVE-2022-32760

HIGH

CVSS:8.6(High)

A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to denial of service. An...

CWE-4892022

CVE-2023-1618

HIGH

CVSS:8.6(High)

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication an...

CWE-4892023

CVE-2022-33323

HIGH

CVSS:7.5(High)

Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthori...

CWE-4892022

CVE-2024-29511

HIGH

CVSS:7.5(High)

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguag...

CWE-4892024