Details of VAR-202203-1409

ID

VAR-202203-1409

CVE

CVE-2022-20762

TITLE

Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Software vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-009358

DESCRIPTION

A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-20762 // JVNDB: JVNDB-2022-009358 // VULHUB: VHN-405315 // VULMON: CVE-2022-20762

AFFECTED PRODUCTS

vendor:	cisco	model:	ultra cloud core - subscriber microservices infrastructure	scope:	lt	version:	2020.02.7.07	Trust: 1.0
vendor:	cisco	model:	ultra cloud core - subscriber microservices infrastructure	scope:	lt	version:	2020.02.2.47	Trust: 1.0
vendor:	cisco	model:	ultra cloud core - subscriber microservices infrastructure	scope:	gte	version:	2020.02.2.0	Trust: 1.0
vendor:	cisco	model:	ultra cloud core - subscriber microservices infrastructure	scope:	gte	version:	2020.02.6.0	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ultra cloud core - subscriber microservices infrastructure	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ultra cloud core - subscriber microservices infrastructure	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009358 // NVD: CVE-2022-20762

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20762
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20762
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-20762
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202203-104
value:	HIGH
Trust: 0.6
VULHUB:	VHN-405315
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-20762
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-20762
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405315
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20762
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-20762
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405315 // VULMON: CVE-2022-20762 // JVNDB: JVNDB-2022-009358 // CNNVD: CNNVD-202203-104 // NVD: CVE-2022-20762 // NVD: CVE-2022-20762

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-405315 // JVNDB: JVNDB-2022-009358 // NVD: CVE-2022-20762

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-104

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202203-104

PATCH

title:	cisco-sa-uccsmi-prvesc-BQHGe4cm	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm	Trust: 0.8
title:	Cisco Ultra Cloud Core Fixes for access control error vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=184424	Trust: 0.6
title:	Cisco: Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-uccsmi-prvesc-BQHGe4cm	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20762 // JVNDB: JVNDB-2022-009358 // CNNVD: CNNVD-202203-104

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20762	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009358	Trust: 0.8
db:	CS-HELP	id:	SB2022030222	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0888	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-104	Trust: 0.6
db:	VULHUB	id:	VHN-405315	Trust: 0.1
db:	VULMON	id:	CVE-2022-20762	Trust: 0.1

sources: VULHUB: VHN-405315 // VULMON: CVE-2022-20762 // JVNDB: JVNDB-2022-009358 // CNNVD: CNNVD-202203-104 // NVD: CVE-2022-20762

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-uccsmi-prvesc-bqhge4cm	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20762	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-20762/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022030222	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0888	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405315 // VULMON: CVE-2022-20762 // JVNDB: JVNDB-2022-009358 // CNNVD: CNNVD-202203-104 // NVD: CVE-2022-20762

SOURCES

db:	VULHUB	id:	VHN-405315
db:	VULMON	id:	CVE-2022-20762
db:	JVNDB	id:	JVNDB-2022-009358
db:	CNNVD	id:	CNNVD-202203-104
db:	NVD	id:	CVE-2022-20762

LAST UPDATE DATE

2024-11-23T22:47:29.014000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405315	date:	2022-04-14T00:00:00
db:	VULMON	id:	CVE-2022-20762	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-009358	date:	2023-08-04T05:53:00
db:	CNNVD	id:	CNNVD-202203-104	date:	2023-07-25T00:00:00
db:	NVD	id:	CVE-2022-20762	date:	2024-11-21T06:43:30.183

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405315	date:	2022-04-06T00:00:00
db:	VULMON	id:	CVE-2022-20762	date:	2022-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-009358	date:	2023-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202203-104	date:	2022-03-02T00:00:00
db:	NVD	id:	CVE-2022-20762	date:	2022-04-06T19:15:08.273