CVE-2022-20921
HIGH
Cisco ACI Multi-Site Orchestrator < 3.1(1n) - Authenticated Privilege Escalation via API
Title source: llm
Description
A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device.
References (1)
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs
Scores
CVSS v3
8.8
EPSS
0.0053
EPSS Percentile
67.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-285
Status
published
Products (1)
cisco/aci_multi-site_orchestrator
< 3.1(1n)
Published
Aug 25, 2022
Tracked Since
Feb 18, 2026