Lucene search

CiscoCVE-2022-20930

HistorySep 30, 2022 - 7:15 p.m.

CVE-2022-20930

2022-09-3019:15:13

CWE-78

CWE-88

cisco

web.nvd.nist.gov

cve-2022-20930

cisco

sd-wan

software

vulnerability

authenticated

local attacker

overwrite

files

dos

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.2%

JSON

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.

Affected configurations

Nvd

Node

ciscocatalyst_sd-wan_managerMatch20.8

ciscocatalyst_sd-wan_managerMatch20.9

ciscosd-wan_vbond_orchestratorRange<20.6.2

ciscosd-wan_vbond_orchestratorMatch20.8

ciscosd-wan_vbond_orchestratorMatch20.9

ciscosd-wan_vmanageRange<20.6.2

ciscosd-wan_vsmart_controllerRange<20.6.2

ciscosd-wan_vsmart_controllerMatch20.8

ciscosd-wan_vsmart_controllerMatch20.9

Node

ciscosd-wanRange<20.6.2

ciscosd-wanMatch20.8

ciscosd-wanMatch20.9

AND

ciscovedge_100Match-

ciscovedge_1000Match-

ciscovedge_100bMatch-

ciscovedge_100mMatch-

ciscovedge_100wmMatch-

ciscovedge_2000Match-

ciscovedge_5000Match-

VendorProductVersionCPE
ciscocatalyst_sd-wan_manager20.8cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.8:*:*:*:*:*:*:*
ciscocatalyst_sd-wan_manager20.9cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.9:*:*:*:*:*:*:*
ciscosd-wan_vbond_orchestrator*cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*
ciscosd-wan_vbond_orchestrator20.8cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:20.8:*:*:*:*:*:*:*
ciscosd-wan_vbond_orchestrator20.9cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:20.9:*:*:*:*:*:*:*
ciscosd-wan_vmanage*cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
ciscosd-wan_vsmart_controller*cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*
ciscosd-wan_vsmart_controller20.8cpe:2.3:a:cisco:sd-wan_vsmart_controller:20.8:*:*:*:*:*:*:*
ciscosd-wan_vsmart_controller20.9cpe:2.3:a:cisco:sd-wan_vsmart_controller:20.9:*:*:*:*:*:*:*
ciscosd-wan*cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	catalyst_sd-wan_manager	20.8	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.8:::::::*
cisco	catalyst_sd-wan_manager	20.9	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.9:::::::*
cisco	sd-wan_vbond_orchestrator	*	cpe:2.3:a:cisco:sd-wan_vbond_orchestrator::::::::
cisco	sd-wan_vbond_orchestrator	20.8	cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:20.8:::::::*
cisco	sd-wan_vbond_orchestrator	20.9	cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:20.9:::::::*
cisco	sd-wan_vmanage	*	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
cisco	sd-wan_vsmart_controller	*	cpe:2.3:a:cisco:sd-wan_vsmart_controller::::::::
cisco	sd-wan_vsmart_controller	20.8	cpe:2.3:a:cisco:sd-wan_vsmart_controller:20.8:::::::*
cisco	sd-wan_vsmart_controller	20.9	cpe:2.3:a:cisco:sd-wan_vsmart_controller:20.9:::::::*
cisco	sd-wan	*	cpe:2.3:a:cisco:sd-wan::::::::

Rows per page:

1-10 of 191

CNA Affected

[
  {
    "product": "Cisco SD-WAN vManage",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]