CVE-2022-20929

CWE-34731 documents4 sources

Severity

7.8HIGH

EPSS

0.3%

top 46.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Enterprise NFV Infrastructure Software Cisco Cisco Enterprise NFV Infrastructure Software

Timeline

Latest updateMar 8

PublishedMar 10

Description

A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS syst…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/enterprise_nfv_infrastructure_software3.5.1 — 4.9.1

▶CVEListV5cisco/cisco_enterprise_nfv_infrastructure_software33 versions+32

🔴Vulnerability Details

CVEList

CVE-2022-20929: A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local at↗2023-03-08

▶

📋Vendor Advisories

Cisco

Cisco Enterprise NFV Infrastructure Software Improper Signature Verification Vulnerability↗2022-10-05

▶