var-202204-0949
Vulnerability from variot
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. Cisco SD-WAN Software Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202204-0949", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sd-wan", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "20.7" }, { "model": "sd-wan", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "20.6.1" }, { "model": "sd-wan vedge cloud", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "sd-wan vedge router", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "sd-wan solution", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "sd-wan vsmart controller software", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "sd-wan", "scope": "lt", "trust": 1.0, "vendor": "cisco", "version": "20.7.1" }, { "model": "sd-wan vbond orchestrator", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "sd-wan", "scope": "gte", "trust": 1.0, "vendor": "cisco", "version": "18.4" }, { "model": "catalyst sd-wan manager", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": null }, { "model": "cisco sd-wan vmanage", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "cisco sd-wan", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": "solution" }, { "model": "cisco sd-wan", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": "vmanage" }, { "model": "cisco sd-wan solution", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "cisco sd-wan vedge cloud router", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "cisco sd-wan", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": "vedge cloud router" }, { "model": "cisco sd-wan", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "cisco sd-wan", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": "vedge router" }, { "model": "cisco sd-wan vedge router", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "cisco sd-wan", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": "vbond orchestrator" }, { "model": "cisco sd-wan vbond orchestrator", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "cisco sd-wan", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": "vsmart controller software" }, { "model": "cisco sd-wan vsmart controller software", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-011196" }, { "db": "NVD", "id": "CVE-2022-20716" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vedge_router:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_solution:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vedge_cloud:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vsmart_controller_software:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "20.7.1", "versionStartIncluding": "20.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "20.6.1", "versionStartIncluding": "18.4", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-20716" } ] }, "cve": "CVE-2022-20716", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2022-20716", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "VHN-405269", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-20716", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-20716", "trust": 1.8, "value": "HIGH" }, { "author": "ykramarz@cisco.com", "id": "CVE-2022-20716", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202204-3356", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-405269", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-20716", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-405269" }, { "db": "VULMON", "id": "CVE-2022-20716" }, { "db": "JVNDB", "id": "JVNDB-2022-011196" }, { "db": "CNNVD", "id": "CNNVD-202204-3356" }, { "db": "NVD", "id": "CVE-2022-20716" }, { "db": "NVD", "id": "CVE-2022-20716" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. Cisco SD-WAN Software Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state", "sources": [ { "db": "NVD", "id": "CVE-2022-20716" }, { "db": "JVNDB", "id": "JVNDB-2022-011196" }, { "db": "VULHUB", "id": "VHN-405269" }, { "db": "VULMON", "id": "CVE-2022-20716" } ], "trust": 1.8 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-20716", "trust": 3.4 }, { "db": "JVNDB", "id": "JVNDB-2022-011196", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2022041503", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202204-3356", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-405269", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-20716", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-405269" }, { "db": "VULMON", "id": "CVE-2022-20716" }, { "db": "JVNDB", "id": "JVNDB-2022-011196" }, { "db": "CNNVD", "id": "CNNVD-202204-3356" }, { "db": "NVD", "id": "CVE-2022-20716" } ] }, "id": "VAR-202204-0949", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-405269" } ], "trust": 0.9398085749999999 }, "last_update_date": "2024-02-13T01:49:01.238000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-sd-wan-file-access-VW36d28P", "trust": 0.8, "url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-file-access-vw36d28p" }, { "title": "Cisco: Cisco SD-WAN Solution Improper Access Control Vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-sd-wan-file-access-vw36d28p" }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305 " }, { "title": "CVE-2022-XXXX", "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-rce " } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-20716" }, { "db": "JVNDB", "id": "JVNDB-2022-011196" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "others (CWE-Other) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-011196" }, { "db": "NVD", "id": "CVE-2022-20716" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-file-access-vw36d28p" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20716" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-20716/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/cisco-sd-wan-solution-privilege-escalation-via-cli-38059" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022041503" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-file-access-vw36d28p" }, { "trust": 0.1, "url": "https://github.com/alphabugx/cve-2022-23305" } ], "sources": [ { "db": "VULHUB", "id": "VHN-405269" }, { "db": "VULMON", "id": "CVE-2022-20716" }, { "db": "JVNDB", "id": "JVNDB-2022-011196" }, { "db": "CNNVD", "id": "CNNVD-202204-3356" }, { "db": "NVD", "id": "CVE-2022-20716" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-405269" }, { "db": "VULMON", "id": "CVE-2022-20716" }, { "db": "JVNDB", "id": "JVNDB-2022-011196" }, { "db": "CNNVD", "id": "CNNVD-202204-3356" }, { "db": "NVD", "id": "CVE-2022-20716" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-15T00:00:00", "db": "VULHUB", "id": "VHN-405269" }, { "date": "2022-04-15T00:00:00", "db": "VULMON", "id": "CVE-2022-20716" }, { "date": "2023-08-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-011196" }, { "date": "2022-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-3356" }, { "date": "2022-04-15T15:15:13.063000", "db": "NVD", "id": "CVE-2022-20716" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-13T00:00:00", "db": "VULHUB", "id": "VHN-405269" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2022-20716" }, { "date": "2023-08-21T04:13:00", "db": "JVNDB", "id": "JVNDB-2022-011196" }, { "date": "2023-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-3356" }, { "date": "2023-11-07T03:42:42.747000", "db": "NVD", "id": "CVE-2022-20716" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-3356" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco\u00a0SD-WAN\u00a0Software\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-011196" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-3356" } ], "trust": 0.6 } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.