CVE-2022-20762 HIGH

CVE-2022-20762: Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability

Vendor Cisco

Product Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure

Weakness CWE-284

Published April 6, 2022

Last update November 6, 2024

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges.

Key dates

02Disclosure timeline

April 6, 2022 CVE published

November 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-20762 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2022-20762

CWE CWE-284

CVSS 7.8 / HIGH

Affected versions