CVE-2022-20732 — Vulnetix

CVE-2022-20732 PUBLISHED CVSS 7.800000190734863 HIGH

A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device.

EPSS 0.12% · 30.5th percentile

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.12%

30.5th percentile

Affected Products

Vendor	Product	Versions
cisco	virtualized_infrastructure_manager	0
Cisco	Cisco Virtualized Infrastructure Manager	n/a

Exploit Intelligence

20220420 Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability (circl)
nids_rules.yar (github-yara)
nids_rules.yar (github-yara)
nids_rules.yar (github-yara)
nids_rules.yar (github-yara)
Spring4Shell.yara (github-yara)
Spring4Shell.yara (github-yara)
Spring4Shell.yara (github-yara)
Spring4Shell.yara (github-yara)
spring_core_rce.yara (github-yara)

…and 15 more exploits

Timeline

Apr 7, 2022 PoC Published
Apr 21, 2022 CVE Published
Apr 22, 2022 EPSS Score
Jun 11, 2022 EPSS Score
Aug 1, 2022 EPSS Score
Sep 20, 2022 EPSS Score
Nov 9, 2022 EPSS Score
Dec 29, 2022 EPSS Score
Feb 17, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 8, 2023 EPSS Score
May 27, 2023 EPSS Score

References

Open in Interactive Console →