VDB

CISCO-SA-VIM-PRIVESC-T2TSFUF

CISCO-SA-VIM-PRIVESC-T2TSFUF PUBLISHED CVSS 7.800000190734863 HIGH

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Cisco Virtualized Infrastructure Manager

Timeline

  • Apr 20, 2022 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›