Lucene search

CiscoCISCO-SA-ARB-FILE-DELETE-VB2RVCQV

HistorySep 28, 2022 - 4:00 p.m.

Cisco SD-WAN Arbitrary File Deletion Vulnerability

2022-09-2816:00:00

tools.cisco.com

cisco sd-wan

arbitrary file deletion

cli

cisco ios xe

local attacker

input validation

software updates

EPSS

Percentile

9.9%

JSON

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device.

This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv”]

Affected configurations

Vulners

Node

ciscosd-wan_solutionMatchany

ciscosd-wan_vmanageMatchany

ciscoios_xe_sd-wanMatch16.9

ciscoios_xe_sd-wan_16.10.4_when_installed_on_1000_series_integrated_servicesMatchany

ciscoasr_1000_series_softwareMatchany

ciscoios_xe_sd-wan_16.11.1_when_installed_on_4000_series_integrated_servicesMatchany

ciscointegrated_services_virtual_router_firmwareMatchany

ciscoios_xe_sd-wanMatchany

ciscosd-wan_solutionMatchany

ciscosd-wan_vmanageMatchany

ciscoios_xe_sd-wanMatch16.9.1

ciscoios_xe_sd-wanMatch16.9.2

ciscoios_xe_sd-wanMatch16.9.3

ciscoios_xe_sd-wanMatch16.9.4

ciscoios_xe_sd-wanMatch1000_series_integrated_services_routers

ciscoios_xe_sd-wanMatch1000_series_aggregation_services_routers

ciscoios_xe_sd-wanMatch4000_series_integrated_services_routers

ciscoios_xe_sd-wan_16.10.3b_when_installed_on_integrated_services_virtualMatchany

ciscoios_xe_sd-wanMatchany

ciscoios_xe_sd-wan_16.9.1_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers

ciscoios_xe_sd-wan_16.9.1_when_installed_on_integrated_services_virtualMatch1000_series_aggregation_services_routers

ciscoios_xe_sd-wan_16.9.1_when_installed_on_integrated_services_virtualMatch4000_series_integrated_services_routers

ciscoios_xe_sd-wanMatch16.9.1_when_installed_on_cisco_integrated_services_virtual_router

ciscoios_xe_sd-wan_16.9.2_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers

ciscoios_xe_sd-wan_16.9.2_when_installed_on_asr_1000_series_aggregation_servicesMatch1000_series_aggregation_services_routers

ciscoios_xe_sd-wan_16.9.2_when_installed_on_integrated_services_virtualMatch4000_series_integrated_services_routers

ciscoios_xe_sd-wanMatch16.9.2_when_installed_on_cisco_integrated_services_virtual_router

ciscoios_xe_sd-wan_16.9.3_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers

ciscoios_xe_sd-wan_16.9.3_when_installed_on_asr_1000_series_aggregation_servicesMatch1000_series_aggregation_services_routers

ciscoios_xe_sd-wan_16.9.3_when_installed_on_integrated_services_virtualMatch4000_series_integrated_services_routers

ciscoios_xe_sd-wanMatch16.9.3_when_installed_on_cisco_integrated_services_virtual_router

ciscoios_xe_sd-wan_16.9.4_when_installed_on_integrated_services_virtualMatch1000_series_integrated_services_routers

ciscoios_xe_sd-wan_16.9.4_when_installed_on_asr_1000_series_aggregation_servicesMatch1000_series_aggregation_services_routers

ciscoios_xe_sd-wanMatch16.9.4_when_installed_on_cisco_integrated_services_virtual_router

VendorProductVersionCPE
ciscosd-wan_solutionanycpe:2.3:a:cisco:sd-wan_solution:any:*:*:*:*:*:*:*
ciscosd-wan_vmanageanycpe:2.3:a:cisco:sd-wan_vmanage:any:*:*:*:*:*:*:*
ciscoios_xe_sd-wan16.9cpe:2.3:o:cisco:ios_xe_sd-wan:16.9:*:*:*:*:*:*:*
ciscoios_xe_sd-wan_16.10.4_when_installed_on_1000_series_integrated_servicesanycpe:2.3:o:cisco:ios_xe_sd-wan_16.10.4_when_installed_on_1000_series_integrated_services:any:*:*:*:*:*:*:*
ciscoasr_1000_series_softwareanycpe:2.3:a:cisco:asr_1000_series_software:any:*:*:*:*:*:*:*
ciscoios_xe_sd-wan_16.11.1_when_installed_on_4000_series_integrated_servicesanycpe:2.3:o:cisco:ios_xe_sd-wan_16.11.1_when_installed_on_4000_series_integrated_services:any:*:*:*:*:*:*:*
ciscointegrated_services_virtual_router_firmwareanycpe:2.3:o:cisco:integrated_services_virtual_router_firmware:any:*:*:*:*:*:*:*
ciscoios_xe_sd-wananycpe:2.3:o:cisco:ios_xe_sd-wan:any:*:*:*:*:*:*:*
ciscoios_xe_sd-wan16.9.1cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.1:*:*:*:*:*:*:*
ciscoios_xe_sd-wan16.9.2cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	sd-wan_solution	any	cpe:2.3:a:cisco:sd-wan_solution:any:::::::*
cisco	sd-wan_vmanage	any	cpe:2.3:a:cisco:sd-wan_vmanage:any:::::::*
cisco	ios_xe_sd-wan	16.9	cpe:2.3:o:cisco:ios_xe_sd-wan:16.9:::::::*
cisco	ios_xe_sd-wan_16.10.4_when_installed_on_1000_series_integrated_services	any	cpe:2.3:o:cisco:ios_xe_sd-wan_16.10.4_when_installed_on_1000_series_integrated_services:any:::::::*
cisco	asr_1000_series_software	any	cpe:2.3:a:cisco:asr_1000_series_software:any:::::::*
cisco	ios_xe_sd-wan_16.11.1_when_installed_on_4000_series_integrated_services	any	cpe:2.3:o:cisco:ios_xe_sd-wan_16.11.1_when_installed_on_4000_series_integrated_services:any:::::::*
cisco	integrated_services_virtual_router_firmware	any	cpe:2.3:o:cisco:integrated_services_virtual_router_firmware:any:::::::*
cisco	ios_xe_sd-wan	any	cpe:2.3:o:cisco:ios_xe_sd-wan:any:::::::*
cisco	ios_xe_sd-wan	16.9.1	cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.1:::::::*
cisco	ios_xe_sd-wan	16.9.2	cpe:2.3:o:cisco:ios_xe_sd-wan:16.9.2:::::::*