How severe is CVE-2022-20962?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-20962?

This is classified as CWE-37, which is a common weakness in software security.

CVE-2022-20962 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges.

Related Vulnerabilities

CVE-2022-25347

HIGH

CVSS:7.5(High)

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.

CWE-372022

CVE-2022-25347

HIGH

CVSS:7.5(High)

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.

CWE-372022

CVE-2023-20077

MEDIUM

CVSS:6.5(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of ...

CWE-372023

CVE-2023-20087

MEDIUM

CVSS:6.5(Medium)

CWE-372023

CVE-2018-10498

MEDIUM

CVSS:5.5(Medium)

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execut...

CWE-372018

CVE-2024-12806

MEDIUM

CVSS:4.9(Medium)

A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.

CWE-372024