Lucene search

[email protected]CVE-2022-20716

HistoryApr 15, 2022 - 3:15 p.m.

CVE-2022-20716

2022-04-1515:15:13

CWE-284

[email protected]

web.nvd.nist.gov

cisco

sd-wan

software

vulnerability

local attacker

escalated privileges

access control

nvd

cve-2022-20716

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.

Affected configurations

NVD

Node

ciscocatalyst_sd-wan_managerMatch-

ciscosd-wan_solutionMatch-

ciscosd-wan_vbond_orchestratorMatch-

ciscosd-wan_vedge_cloudMatch-

ciscosd-wan_vedge_routerMatch-

ciscosd-wan_vsmart_controller_softwareMatch-

Node

ciscosd-wanRange18.4–20.6.1

ciscosd-wanRange20.7–20.7.1

CPENameOperatorVersion
cisco:catalyst_sd-wan_managercisco catalyst sd-wan managereq-
cisco:sd-wan_solutioncisco sd-wan solutioneq-
cisco:sd-wan_vbond_orchestratorcisco sd-wan vbond orchestratoreq-
cisco:sd-wan_vedge_cloudcisco sd-wan vedge cloudeq-
cisco:sd-wan_vedge_routercisco sd-wan vedge routereq-
cisco:sd-wan_vsmart_controller_softwarecisco sd-wan vsmart controller softwareeq-

CPE	Name	Operator	Version
cisco:catalyst_sd-wan_manager	cisco catalyst sd-wan manager	eq	-
cisco:sd-wan_solution	cisco sd-wan solution	eq	-
cisco:sd-wan_vbond_orchestrator	cisco sd-wan vbond orchestrator	eq	-
cisco:sd-wan_vedge_cloud	cisco sd-wan vedge cloud	eq	-
cisco:sd-wan_vedge_router	cisco sd-wan vedge router	eq	-
cisco:sd-wan_vsmart_controller_software	cisco sd-wan vsmart controller software	eq	-

CNA Affected

[
  {
    "product": "Cisco SD-WAN Solution ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-file-access-VW36d28P

Social References

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-20716

prion1 cvelist1 cisco1 nvd1 nessus1