How severe is CVE-2022-20855?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2022-20855?

This is classified as CWE-266, which is a common weakness in software security.

CVE-2022-20855 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.

Related Vulnerabilities

CVE-2023-6477

MEDIUM

CVSS:6.7(Medium)

An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a ...

CWE-2662023

CVE-2024-27460

MEDIUM

CVSS:6.7(Medium)

A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.

CWE-2662024

CVE-2024-37132

MEDIUM

CVSS:6.7(Medium)

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerabilit...

CWE-2662024

CVE-2024-37134

MEDIUM

CVSS:6.7(Medium)

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain roo...

CWE-2662024

CVE-2024-39579

MEDIUM

CVSS:6.7(Medium)

Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain r...

CWE-2662024

CVE-2025-4692

MEDIUM

CVSS:6.8(Medium)

Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platf...

CWE-2662025