CVE-2022-20930

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.

Published: Sep 30, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-20930
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cisco / sd-wan_vbond_orchestrator	20.8	20.8.x
cisco / sd-wan_vsmart_controller	20.8	20.8.x
cisco / sd-wan_vsmart_controller	-	20.6.2
cisco / sd-wan_vmanage	-	20.6.2
cisco / sd-wan_vbond_orchestrator	-	20.6.2
cisco / sd-wan_vbond_orchestrator	20.9	20.9.x
cisco / sd-wan_vsmart_controller	20.9	20.9.x
cisco / sd-wan	-	20.6.2
cisco / sd-wan	20.8	20.8.x
cisco / sd-wan	20.9	20.9.x
cisco / catalyst_sd-wan_manager	20.9	20.9.x
cisco / catalyst_sd-wan_manager	20.8	20.8.x

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-cli-xkGwmqKu

Vulnerability Database

289,599

CVE-2022-20930