CVE-2022-20732

Name of the Vulnerable Software and Affected Versions Cisco Virtualized Infrastructure Manager (VIM) (affected versions not specified)

Description The issue is related to insufficient access control in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM). This could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. The vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this by accessing an affected device and reading the affected configuration files, potentially obtaining internal database credentials. This access could be used to view and modify the database contents and elevate privileges on the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.