VDB
CVE-2022-20762
CVE-2022-20762
PUBLISHED
CVSS 7.800000190734863 HIGH
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges.
EPSS 0.05% · 14.8th percentile
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.05%
14.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure | n/a |
| cisco | ultra_cloud_core_-_subscriber_microservices_infrastructure | 2020.02.2.0, 2020.02.6.0 |
Exploit Intelligence
Timeline
- Apr 6, 2022 CVE Published
- Apr 9, 2022 EPSS Score
- Apr 15, 2022 EPSS Score
- May 29, 2022 EPSS Score
- Jul 20, 2022 EPSS Score
- Sep 8, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 6, 2023 EPSS Score
- Mar 29, 2023 EPSS Score
- May 18, 2023 EPSS Score
- Jul 7, 2023 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-20762 advisory