CVE-2022-20830

2022-10-1021:15:10

CWE-306

[email protected]

web.nvd.nist.gov

cisco

sd-avc

vulnerability

remote access

gui

authentication

exploit

dns server

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

45.4%

JSON

A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.

Affected configurations

Nvd

Node

ciscocatalyst_sd-wan_managerRange20.4–20.6.1

ciscocatalyst_sd-wan_managerMatch20.7

ciscosd-wan_vmanageRange18.4–20.3.4.1

VendorProductVersionCPE
ciscocatalyst_sd-wan_manager*cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
ciscocatalyst_sd-wan_manager20.7cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.7:*:*:*:*:*:*:*
ciscosd-wan_vmanage*cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	catalyst_sd-wan_manager	*	cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::
cisco	catalyst_sd-wan_manager	20.7	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.7:::::::*
cisco	sd-wan_vmanage	*	cpe:2.3:a:cisco:sd-wan_vmanage::::::::