CVE-2022-20734

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*

History

11 May 2022, 20:28

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 4.9
v3 : 4.4
CPE cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
CWE CWE-200
First Time Cisco
Cisco sd-wan Vmanage
References (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmge-infodc-WPSkAMhp - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmge-infodc-WPSkAMhp - Vendor Advisory

04 May 2022, 18:15

Type Values Removed Values Added
Summary A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

04 May 2022, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-04 17:15

Updated : 2022-05-11 20:28


NVD link : CVE-2022-20734

Mitre link : CVE-2022-20734


JSON object : View

Products Affected

cisco

  • sd-wan_vmanage
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor