CVE-2022-20732 HIGH

CVE-2022-20732: Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability

Vendor Cisco
Product Cisco Virtualized Infrastructure Manager
Weakness CWE-284
Published April 21, 2022
Last update November 6, 2024
View on NVD All CVEs

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device.

Key dates

02Disclosure timeline

April 21, 2022 CVE published
November 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-32220 UEFI Secure Boot Security Feature Bypass Vulnerability CVE-2024-21666 Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list CVE-2021-21020 Magento Commerce Improper Access Control Vulnerability CVE-2024-1088 Password Protected Store for WooCommerce <= 2.2 - Information Exposure via REST API CVE-2020-3284 Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability