CVE-2022-20630

{"id": "CVE-2022-20630", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2022-02-10T18:15:08.860", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-8QEynKEj", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-8QEynKEj", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials."}, {"lang": "es", "value": "Una vulnerabilidad en el registro de auditor\u00eda de Cisco DNA Center podr\u00eda permitir a un atacante local autenticado visualizar informaci\u00f3n confidencial en texto sin cifrar. Esta vulnerabilidad es debido a una falta de seguridad en el registro de informaci\u00f3n confidencial en el sistema afectado. Un atacante con privilegios administrativos podr\u00eda explotar esta vulnerabilidad al acceder a los registros de auditor\u00eda mediante la CLI. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante recuperar informaci\u00f3n confidencial que incluye credenciales de usuario"}], "lastModified": "2024-11-21T06:43:11.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66415B51-F19E-4383-AEF8-6A7502EB0F68", "versionEndExcluding": "2.2.2.8", "versionStartIncluding": "2.1.2.0"}, {"criteria": "cpe:2.3:a:cisco:dna_center:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01FD99C4-BCB1-417E-ADCE-73314AD2E857", "versionEndExcluding": "2.2.3.4", "versionStartIncluding": "2.2.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}