CVE-2022-20716

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vedge_router:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_solution:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vedge_cloud:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vsmart_controller_software:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*

History

13 May 2022, 17:50

Type Values Removed Values Added
First Time Cisco sd-wan Vedge Router
Cisco sd-wan Vmanage
Cisco sd-wan Vbond Orchestrator
Cisco sd-wan Solution
Cisco sd-wan Vsmart Controller Software
Cisco sd-wan
Cisco
Cisco sd-wan Vedge Cloud
References (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-file-access-VW36d28P - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-file-access-VW36d28P - Vendor Advisory
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : 7.2
v3 : 7.8
CPE cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vmanage:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_solution:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vedge_router:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vedge_cloud:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vsmart_controller_software:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*

15 Apr 2022, 15:22

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-15 15:15

Updated : 2022-05-13 17:50


NVD link : CVE-2022-20716

Mitre link : CVE-2022-20716


JSON object : View

Products Affected

cisco

  • sd-wan_vedge_router
  • sd-wan_solution
  • sd-wan_vsmart_controller_software
  • sd-wan_vedge_cloud
  • sd-wan_vbond_orchestrator
  • sd-wan_vmanage
  • sd-wan