How severe is CVE-2022-20676?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2022-20676?

This is classified as CWE-250, which is a common weakness in software security.

CVE-2022-20676 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This vulnerability is due to insufficient input validation of data that is passed into the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to execute arbitrary commands as root. By default, Tcl shell access requires privilege level 15.

Related Vulnerabilities

CVE-2023-6006

MEDIUM

CVSS:6.7(Medium)

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must have local write access to the C Drive. In addition, Print Archi...

CWE-2502023

CVE-2024-25967

MEDIUM

CVSS:6.7(Medium)

Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, lea...

CWE-2502024

CVE-2024-27146

MEDIUM

CVSS:6.7(Medium)

The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference URL.

CWE-2502024

CVE-2025-3364

MEDIUM

CVSS:6.7(Medium)

The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system.

CWE-2502025

CVE-2020-10290

MEDIUM

CVSS:6.8(Medium)

Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the ove...

CWE-2502020

CVE-2022-1744

MEDIUM

CVSS:6.8(Medium)

Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability ...

CWE-2502022