First published: Thu Apr 21 2022(Updated: )
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Virtualized Infrastructure Manager | <4.2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Vulnerability CVE-2022-20732 is a vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) that could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device.
The severity of vulnerability CVE-2022-20732 is high with a CVSS score of 7.8.
The Cisco Virtualized Infrastructure Manager (VIM) version up to and exclusive of 4.2.2 is affected by vulnerability CVE-2022-20732.
Vulnerability CVE-2022-20732 is associated with CWE IDs 276 and 284.
To fix vulnerability CVE-2022-20732, users should update to a version of Cisco Virtualized Infrastructure Manager (VIM) that is above 4.2.2.