CVE-2022-20930

MEDIUM

Cisco Catalyst SD-WAN Manager < 20.6.2 - Denial of Service


Description

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.

Scores

CVSS v3 6.7
EPSS 0.0033
EPSS Percentile 55.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78 CWE-88
Status published
Products (12)
cisco/catalyst_sd-wan_manager 20.8
cisco/catalyst_sd-wan_manager 20.9
cisco/sd-wan 20.8
cisco/sd-wan 20.9
cisco/sd-wan < 20.6.2
cisco/sd-wan_vbond_orchestrator 20.8
cisco/sd-wan_vbond_orchestrator 20.9
cisco/sd-wan_vbond_orchestrator < 20.6.2
cisco/sd-wan_vmanage < 20.6.2
cisco/sd-wan_vsmart_controller 20.8
... and 2 more
Published Sep 30, 2022
Tracked Since Feb 18, 2026