How severe is CVE-2022-20759?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-20759?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2022-20759

HIGH Year: 2022

CVSS v3 Score

8.8

High

CVSS v2 Score

8.5

High

Weakness Type

CWE-266

View all →

Vulnerability Description

A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability is due to improper separation of authentication and authorization scopes. An attacker could exploit this vulnerability by sending crafted HTTPS messages to the web services interface of an affected device. A successful exploit could allow the attacker to gain privilege level 15 access to the web management interface of the device. This includes privilege level 15 access to the device using management tools like the Cisco Adaptive Security Device Manager (ASDM) or the Cisco Security Manager (CSM). Note: With Cisco FTD Software, the impact is lower than the CVSS score suggests because the affected web management interface allows for read access only.

CVE-2020-7009

HIGH

CVSS:8.8(High)

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can ...

CWE-2662020

CVE-2020-7014

HIGH

CVSS:8.8(High)

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and al...

CWE-2662020

CVE-2020-7018

HIGH

CVSS:8.8(High)

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the ï¿½developerï¿½ role, they will be able to view the administrator API cred...

CWE-2662020

CVE-2022-2637

HIGH

CVSS:8.8(High)

Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Pl...

CWE-2662022

CVE-2022-3496

HIGH

CVSS:8.8(High)

A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Adm...

CWE-2662022

CVE-2022-3770

HIGH

CVSS:8.8(High)

A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestr...

CWE-2662022

CVE-2022-20759

Vulnerability Description

Related Vulnerabilities

CVE-2020-7009

CVE-2020-7014

CVE-2020-7018

CVE-2022-2637

CVE-2022-3496

CVE-2022-3770