Published: 06/04/2022 Updated: 07/11/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local malicious user to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an malicious user to access privileged containers with root privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco ultra cloud core - subscriber microservices infrastructure

A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device This vulnerability is due to insufficient access control in the affected CLI An attacker could exploit this ...

NVD-CWE-Other https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm https://nvd.nist.gov https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm

CVE-2022-20762

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect