How severe is CVE-2022-20906?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2022-20906?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2022-20906 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device.

Related Vulnerabilities

CVE-2020-0003

MEDIUM

CVSS:6.7(Medium)

In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional ex...

CWE-3672020

CVE-2020-8354

MEDIUM

CVSS:6.7(Medium)

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.

CWE-3672020

CVE-2021-0897

MEDIUM

CVSS:6.7(Medium)

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need...

CWE-3672021

CVE-2021-1567

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device...

CWE-3672021

CVE-2022-20907

MEDIUM

CVSS:6.7(Medium)

CWE-3672022

CVE-2022-20908

MEDIUM

CVSS:6.7(Medium)

CWE-3672022