How severe is CVE-2022-20773?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2022-20773?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2022-20773 - HIGH Severity | CVSS 8.1

Vulnerability Description

A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA.

Related Vulnerabilities

CVE-2020-10884

HIGH

CVSS:8.1(High)

This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploi...

CWE-3212020

CVE-2023-0391

HIGH

CVSS:8.1(High)

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in ver...

CWE-3212023

CVE-2024-1920

HIGH

CVSS:8.1(High)

A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulatio...

CWE-3212024

CVE-2024-30407

CRITICAL

CVSS:8.1(High)

The Use of a Hard-coded Cryptographic Key vulnerability in Juniper Networks Juniper Cloud Native Router (JCNR) and containerized routing Protocol Deamon (cRPD) products allows an attacker to perform P...

CWE-3212024

CVE-2024-58134

HIGH

CVSS:8.1(High)

Mojolicious versions from 0.999922 through 9.40 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploi...

CWE-3212024

CVE-2021-38461

HIGH

CVSS:8.2(High)

The affected product uses a hard-coded blowfish key for encryption/decryption processes. The key can be easily extracted from binaries.

CWE-3212021