CVE-2022-20921
First published: Thu Aug 25 2022(Updated: )
A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco ACI Multi-Site Orchestrator | <3.1\(1n\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco ACI Multi-Site Orchestrator vulnerability?
The vulnerability ID for this Cisco ACI Multi-Site Orchestrator vulnerability is CVE-2022-20921.
What is the severity of CVE-2022-20921?
The severity rating for CVE-2022-20921 is high, with a CVSS score of 8.8.
What is the affected software for CVE-2022-20921?
The affected software for CVE-2022-20921 is Cisco ACI Multi-Site Orchestrator version up to 3.1(1n).
How can an attacker exploit CVE-2022-20921?
An attacker can exploit CVE-2022-20921 by sending malicious requests to specific APIs, allowing them to elevate privileges on the affected device.
Where can I find more information about CVE-2022-20921?
You can find more information about CVE-2022-20921 in the Cisco Security Advisory at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs.
- collector/nvd-index
- vendor/cisco
- canonical/cisco aci multi-site orchestrator