CVE-2022-20762

Published: Apr 6, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges.

Affected (2)

Products: Cisco: Ultra Cloud Core Subscriber Microservices Infrastructure

Cisco

1 product

Ultra Cloud Core Subscriber Microservices Infrastructure

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Ultra Cloud Core Subscriber Microservices Infrastructure	From 2020.02.2.0 to 2020.02.2.47
Cisco Ultra Cloud Core Subscriber Microservices Infrastructure	From 2020.02.6.0 to 2020.02.7.07

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.