Lucene search

[email protected]NVD:CVE-2023-20098

HistoryMay 09, 2023 - 6:15 p.m.

CVE-2023-20098

2023-05-0918:15:11

CWE-24

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-20098

cisco sdwan vmanage

directory traversal

administrative privileges

system commands

arbitrary files

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files.

This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root.

Affected configurations

NVD

Node

ciscocatalyst_sd-wan_managerMatch20.11

ciscosd-wan_vmanageRange<20.9.1

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-wfnqmYhN

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

Related for NVD:CVE-2023-20098

cve1 prion1 nessus1 cisco1 cvelist1