Cisco Crosswork
CVE-2026-20220
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Network vector via web interface, low complexity once credentials held; PR:L reflects mandatory write-permissioned template account; limited C/I/A due to scoped filesystem access.
Primary rating from Vendor (cisco).
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to execute arbitrary commands on an affected device.
This vulnerability is due to insufficient input validation in the configuration template engine of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system in limited areas of the file system. This vulnerability affects only areas of the operating system for which the template user has write permissions. To exploit this vulnerability, the attacker must have valid template user credentials with write permissions. Template users with read permissions cannot exploit this vulnerability.
AnalysisAI
Authenticated remote OS command injection in Cisco Crosswork Network Controller's web-based management interface allows a threat actor holding valid template user credentials with write permissions to execute arbitrary commands on the underlying operating system. The flaw resides in the configuration template engine, which fails to adequately validate attacker-supplied input before processing it, enabling CWE-74 injection. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires valid Cisco Crosswork template user credentials specifically assigned write permissions - template users with read-only permissions are explicitly confirmed not exploitable. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-assigned CVSS 3.1 score of 6.3 (Medium) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L is internally consistent and proportionate given the authentication requirement. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained valid Cisco Crosswork template user credentials with write permissions - through phishing, credential reuse, or insider access - logs into the web-based management interface and submits a crafted HTTP request containing template injection payloads targeting the configuration template engine. The unsanitized input is processed by the template engine and passed to the underlying OS command interpreter, resulting in execution of attacker-controlled commands within the filesystem areas accessible to the template user. … |
| Remediation | Consult the Cisco Security Advisory cisco-sa-cnc-inj-QNMeEmxk at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cnc-inj-QNMeEmxk for exact fixed software versions and upgrade instructions, as no specific patched version was enumerated in the available intelligence data - patch availability is confirmed per vendor advisory but the precise fix version must be obtained from Cisco directly. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today