Cisco Security Advisory - Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability

Started by Netwörkheäd, April 04, 2022, 12:05:54 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Netwörkheäd

April 04, 2022, 12:05:54 PM
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability

<p>A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco&nbsp;Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device.</p>
<p>This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with <em>root</em> privileges.</p>
<p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm" target="_blank">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccsmi-prvesc-BQHGe4cm</a></p>

     
         
Security Impact Rating:  High
   
   
       
CVE: CVE-2022-20762
Source: Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability
Let's not argue. Let's network!
Print
Go Up Pages1
User actions