Lucene search

PRIOn knowledge basePRION:CVE-2023-20098

HistoryMay 09, 2023 - 6:15 p.m.

Directory traversal

2023-05-0918:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

cisco sdwan

cli

deletion

arbitrary files

system commands

directory traversal

administrative privileges

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.0%

JSON

A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files.

This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root.

CPENameOperatorVersion
catalyst_sd-wan_managereq20.11
sd-wan_vmanagelt20.9.1

CPE	Name	Operator	Version
	catalyst_sd-wan_manager	eq	20.11
	sd-wan_vmanage	lt	20.9.1

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-wfnqmYhN