CVE-2022-20818

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Published: Sep 30, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-20818
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
cisco / sd-wan_vbond_orchestrator	-	20.9
cisco / sd-wan_vmanage	-	20.9
cisco / sd-wan_vsmart_controller	-	20.9
cisco / sd-wan	-	20.9

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF

Vulnerability Database

289,599

CVE-2022-20818