How severe is CVE-2022-20739?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2022-20739?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2022-20739 - HIGH Severity | CVSS 7.3

Vulnerability Description

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands to a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user.

Related Vulnerabilities

CVE-2013-2012

HIGH

CVSS:7.3(High)

autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.

CWE-2692013

CVE-2017-14484

HIGH

CVSS:7.3(High)

The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an...

CWE-2692017

CVE-2019-11270

HIGH

CVSS:7.3(High)

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created vi...

CWE-2692019

CVE-2019-11288

HIGH

CVSS:7.3(High)

In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to ...

CWE-2692019

CVE-2022-44732

HIGH

CVSS:7.3(High)

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.

CWE-2692022

CVE-2022-44733

HIGH

CVSS:7.3(High)

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.

CWE-2692022