How to Fix CVE-2022-20732- A Privilege Escalation Vulnerability in Cisco VIM

Networking giant Cisco published an advisory on 21 April detailing a privilege escalation vulnerability in Cisco VIM (Virtualized Infrastructure Manager). The vulnerability, tracked as CVE-2022-20732, is rated high severity with a CVSS score of 7.8 out of 10. The flaw allows an authenticated, local attacker to access confidential information and elevate privileges on an affected device. Since this flaw enables unauthorized access to confidential information and privilege escalation, users of Cisco VIM should be aware of it and address it as soon as possible. Let’s see how to fix CVE-2022-20732, a privilege escalation vulnerability in Cisco VIM (Virtualized Infrastructure Manager).

About Cisco Virtualized Infrastructure Manager:

Virtualized Infrastructure Manager (VIM) is Cisco’s enterprise-class solution for managing virtualized infrastructures. It enables customers to centrally manage and provision their Cisco Unified Computing System™ (Cisco UCS®), Cisco Nexus®, and Cisco MDS 9000 Series Switches, as well as other third-party devices in the data center. Cisco VIM provides a unified view of all devices in the data center, making it easy to provision and manage them from a single console.

Cisco VIM offers many benefits, including:

  • Reduced complexity: Cisco VIM simplifies management of virtualized infrastructures by providing a unified view of all devices in the data center.
  • Improved efficiency: Cisco VIM enables customers to provision and manage Cisco UCS, Cisco Nexus, and Cisco MDS 9000 Series Switches from a single console.
  • Increased agility: Cisco VIM helps customers quickly respond to changes in their data center environment by enabling them to rapidly provision new services and applications.
  • Enhanced security: Cisco VIM provides role-based access control, which helps ensure that only authorized users can access the system.

Cisco VIM is an ideal solution for managing virtualized infrastructures, providing customers with the benefits of reduced complexity, increased efficiency, improved agility, and enhanced security.

Summary Of CVE-2022-20732:

This is a privilege escalation vulnerability in Cisco VIM (Virtualized Infrastructure Manager). The advisory attributes the vulnerability to improper access permissions on certain configuration files, which allows users with low-privileged credentials to read those files.

This unauthorized access allows an authenticated, local attacker to obtain confidential information such as internal database credentials. An attacker could then use these database credentials to view and modify the contents of the database and elevate privileges on the affected device.

Associated CVE ID: CVE-2022-20732
Description: A Privilege Escalation Vulnerability in Cisco VIM
CVSS Score: 7.8 High
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Products Affected By CVE-2022-20732:

This vulnerability affects all versions of Cisco VIM 3.6 and earlier. Please check the version of your Cisco VIM and fix the CVE-2022-20732 flaw as per your change schedule.

How To Fix CVE-2022-20732- A Privilege Escalation Vulnerability In Cisco VIM?

The issue is very simple and easy to mitigate: set the permissions of the ‘app.conf’ file to ‘600’ so that only its owner can read or write it. You can set the permission with the chmod command.

# chmod 600 /opt/cisco/mercury_restapi/app.conf

If you want to permanently fix the CVE-2022-20732 vulnerability, upgrade your Cisco VIM to v4.2.2.

Cisco Virtualized Infrastructure Manager Software | First Fixed Release
3.6 and earlier                                    | Migrate to a fixed release.
4.0.0                                              | 4.2.2
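To verify the mitigation above and apply it only where needed, here is an added audit script (not from Cisco or the advisory). It assumes the app.conf path given in the post and demonstrates itself on a constructed temporary file rather than the real configuration file.

```shell
#!/bin/sh
# Added example, not from the advisory or Cisco: audit the permission bits
# of a configuration file and optionally tighten them to 0600, which is the
# mitigation the post describes for /opt/cisco/mercury_restapi/app.conf.

# Print a file's octal permission bits (GNU stat, with a BSD stat fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed (0) only when neither group nor others have any bit set, i.e. the
# mode is 600 or stricter; fail (1) when the file is exposed to other users.
conf_mode_ok() {
  mode=$(file_mode "$1") || return 2
  mode=$(printf '%s' "$mode" | sed 's/.*\(...\)$/\1/')   # keep the last 3 digits
  [ "$(printf '%s' "$mode" | cut -c2)" = 0 ] && [ "$(printf '%s' "$mode" | cut -c3)" = 0 ]
}

# audit_conf PATH [fix]: report the file's state; with "fix", apply chmod 600.
# Returns 0 when the file ends up owner-only, 1 when it is still exposed,
# 2 when the file is missing.
audit_conf() {
  f="$1"
  [ -f "$f" ] || { echo "missing: $f"; return 2; }
  if conf_mode_ok "$f"; then
    echo "ok: $f mode $(file_mode "$f")"; return 0
  fi
  echo "exposed: $f mode $(file_mode "$f") is readable by group/others"
  if [ "$2" = "fix" ]; then
    chmod 600 "$f" && echo "fixed: $f now mode $(file_mode "$f")" && return 0
  fi
  return 1
}

# Stand-alone demonstration on a constructed temporary file, not the real
# app.conf: start world-readable, audit, remediate, audit again.
demo() {
  tmp=$(mktemp) || return 2
  chmod 644 "$tmp"
  audit_conf "$tmp"; before=$?
  audit_conf "$tmp" fix >/dev/null; fixed=$?
  audit_conf "$tmp"; after=$?
  rm -f "$tmp"
  [ "$before" -eq 1 ] && [ "$fixed" -eq 0 ] && [ "$after" -eq 0 ]
}

demo && echo "demo passed"
```

On a VIM node, run `audit_conf /opt/cisco/mercury_restapi/app.conf` to check, and add `fix` to apply the post's chmod; re-run the check after upgrading to confirm the fixed release kept the tighter mode.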

We hope this post will help you know how to fix CVE-2022-20732, a privilege escalation vulnerability in Cisco VIM (Virtualized Infrastructure Manager).

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn
