Vulnerability Description
A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Aci Multi-Site Orchestrator | < 3.1\(1n\) |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mVendor Advisory
FAQ
What is CVE-2022-20921?
CVE-2022-20921 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is du...
How severe is CVE-2022-20921?
CVE-2022-20921 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-20921?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Aci Multi-Site Orchestrator.