How severe is CVE-2022-20774?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2022-20774?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2022-20774

HIGH Year: 2022

CVSS v3 Score

8.1

High

CVSS v2 Score

4.9

Medium

Weakness Type

CWE-345

View all →

Vulnerability Description

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.

CVE-2016-2346

HIGH

CVSS:8.1(High)

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-...

CWE-3452016

CVE-2017-11103

HIGH

CVSS:8.1(High)

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. I...

CWE-3452017

CVE-2017-11130

HIGH

CVSS:8.1(High)

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In t...

CWE-3452017

CVE-2017-17023

HIGH

CVSS:8.1(High)

The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure ...

CWE-3452017

CVE-2017-2667

HIGH

CVSS:8.1(High)

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not che...

CWE-3452017

CVE-2018-12333

HIGH

CVSS:8.1(High)

Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code.

CWE-3452018

CVE-2022-20774

Vulnerability Description

Related Vulnerabilities

CVE-2016-2346

CVE-2017-11103

CVE-2017-11130

CVE-2017-17023

CVE-2017-2667

CVE-2018-12333