How severe is CVE-2022-20658?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2022-20658?

This is classified as CWE-602, which is a common weakness in software security.

CVE-2022-20658

CRITICAL Year: 2022

CVSS v3 Score

9.6

Critical

CVSS v2 Score

8.5

High

Weakness Type

CWE-602

View all →

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due to the lack of server-side validation of user permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system. A successful exploit could allow the attacker to create Administrator accounts. With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP. To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.

CVE-2023-0750

CRITICAL

CVSS:9.8(Critical)

Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow...

CWE-6022023

CVE-2025-27681

CRITICAL

CVSS:9.8(Critical)

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 mishandles Client Inter-process Security V-2022-004.

CWE-6022025

CVE-2025-32469

CRITICAL

CVSS:9.9(Critical)

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.5), RUGGEDCOM ROX MX5000RE (All versions < V2.16.5), RUGGEDCOM ROX RX1400 (All versions < V2.16.5), RUGGEDCOM ROX RX15...

CWE-6022025

CVE-2025-33024

CRITICAL

CVSS:9.9(Critical)

CWE-6022025

CVE-2025-33025

CRITICAL

CVSS:9.9(Critical)

CWE-6022025

CVE-2022-1525

CRITICAL

CVSS:9.1(Critical)

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable to CWE-602: Client-Side Enforcement of Server-Side Security, which could allow attackers to bypass web ...

CWE-6022022

CVE-2022-20658

Vulnerability Description

Related Vulnerabilities

CVE-2023-0750

CVE-2025-27681

CVE-2025-32469

CVE-2025-33024

CVE-2025-33025

CVE-2022-1525