How severe is CVE-2022-20864?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2022-20864?

This is classified as CWE-538, which is a common weakness in software security.

CVE-2022-20864 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to read any file or reset the enable password.

Related Vulnerabilities

CVE-2018-4847

MEDIUM

CVSS:4.6(Medium)

A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinC...

CWE-5382018

CVE-2022-43933

MEDIUM

CVSS:4.4(Medium)

An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an ...

CWE-5382022

CVE-2018-16970

MEDIUM

CVSS:4.3(Medium)

Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.

CWE-5382018

CVE-2019-10320

MEDIUM

CVSS:4.3(Medium)

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and...

CWE-5382019

CVE-2019-12623

MEDIUM

CVSS:4.3(Medium)

A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enume...

CWE-5382019

CVE-2021-1406

MEDIUM

CVSS:4.9(Medium)

A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker ...

CWE-5382021