CVE-2022-20681Incorrect Privilege Assignment in Cisco IOS XE Software

CWE-266Incorrect Privilege Assignment4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 69.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedApr 15
Latest updateApr 16

Description

A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validation of user privileges after the user executes certain CLI commands. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then executing certain CLI

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/ios_xe67 versions+66

🔴Vulnerability Details

2
GHSA
GHSA-m8cx-f5qj-q68r: A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could2022-04-16
CVEList
Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability2022-04-15

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wireless Controllers Privilege Escalation Vulnerability2022-04-13
CVE-2022-20681 — Incorrect Privilege Assignment | cvebase