CVE-2022-20930

MEDIUM

Cisco Catalyst SD-WAN Manager < 20.6.2 - Denial of Service

Title source: rule

Description

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.

Scores

CVSS v3 6.7
EPSS 0.0033
EPSS Percentile 55.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-78 CWE-88
Status published

Affected Products (12)

cisco/catalyst_sd-wan_manager
cisco/catalyst_sd-wan_manager
cisco/sd-wan_vbond_orchestrator < 20.6.2
cisco/sd-wan_vbond_orchestrator
cisco/sd-wan_vbond_orchestrator
cisco/sd-wan_vmanage < 20.6.2
cisco/sd-wan_vsmart_controller < 20.6.2
cisco/sd-wan_vsmart_controller
cisco/sd-wan_vsmart_controller
cisco/sd-wan < 20.6.2
cisco/sd-wan
cisco/sd-wan

Timeline

Published Sep 30, 2022
Tracked Since Feb 18, 2026