var-202209-1949
Vulnerability from variot
A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. Cisco SD-WAN vBond Orchestrator , Cisco SD-WAN vManage , Cisco SD-WAN vSmart Controller A number of Cisco Systems products, including vulnerabilities related to input validation, exist.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Both Cisco IOS XE SD-WAN Software and Cisco SD-WAN are products of Cisco. Cisco IOS XE SD-WAN Software is a software for network management (software-defined networking) applied to the Cisco IOS XE network operating system. Cisco SD-WAN is a highly secure cloud-scale architecture that is open, programmable, and scalable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-1949",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sd-wan",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "18.4.5"
},
{
"model": "ios xe sd-wan",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "16.10.1"
},
{
"model": "sd-wan vbond orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "18.4.5"
},
{
"model": "sd-wan vmanage",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "18.4.5"
},
{
"model": "sd-wan vsmart controller",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "18.4.5"
},
{
"model": "cisco sd-wan vmanage",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco sd-wan vsmart controller",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco ios xe sd-wan",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": "16.10.1"
},
{
"model": "cisco sd-wan vbond orchestrator",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco sd-wan",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018763"
},
{
"db": "NVD",
"id": "CVE-2022-20850"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "18.4.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "18.4.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "18.4.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xe_sd-wan:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "16.10.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "18.4.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20850"
}
]
},
"cve": "CVE-2022-20850",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20850",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-20850",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20850",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-2888",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018763"
},
{
"db": "NVD",
"id": "CVE-2022-20850"
},
{
"db": "NVD",
"id": "CVE-2022-20850"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2888"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. Cisco SD-WAN vBond Orchestrator , Cisco SD-WAN vManage , Cisco SD-WAN vSmart Controller A number of Cisco Systems products, including vulnerabilities related to input validation, exist.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Both Cisco IOS XE SD-WAN Software and Cisco SD-WAN are products of Cisco. Cisco IOS XE SD-WAN Software is a software for network management (software-defined networking) applied to the Cisco IOS XE network operating system. Cisco SD-WAN is a highly secure cloud-scale architecture that is open, programmable, and scalable",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20850"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018763"
},
{
"db": "VULHUB",
"id": "VHN-405403"
},
{
"db": "VULMON",
"id": "CVE-2022-20850"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20850",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018763",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2888",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.4842",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-405403",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20850",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405403"
},
{
"db": "VULMON",
"id": "CVE-2022-20850"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018763"
},
{
"db": "NVD",
"id": "CVE-2022-20850"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2888"
}
]
},
"id": "VAR-202209-1949",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405403"
}
],
"trust": 0.6675675999999999
},
"last_update_date": "2023-12-18T12:54:47.709000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-arb-file-delete-VB2rVcQv",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-arb-file-delete-vb2rvcqv"
},
{
"title": "Cisco IOS XE SD-WAN Software and Cisco SD-WAN Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209692"
},
{
"title": "Cisco: Cisco SD-WAN Arbitrary File Deletion Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-arb-file-delete-vb2rvcqv"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20850"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018763"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2888"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405403"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018763"
},
{
"db": "NVD",
"id": "CVE-2022-20850"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-arb-file-delete-vb2rvcqv"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20850"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-sd-wan-software-sd-wan-vedge-routers-file-deletion-39410"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20850/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405403"
},
{
"db": "VULMON",
"id": "CVE-2022-20850"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018763"
},
{
"db": "NVD",
"id": "CVE-2022-20850"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2888"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405403"
},
{
"db": "VULMON",
"id": "CVE-2022-20850"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-018763"
},
{
"db": "NVD",
"id": "CVE-2022-20850"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2888"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-405403"
},
{
"date": "2022-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20850"
},
{
"date": "2023-10-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-018763"
},
{
"date": "2022-09-30T19:15:12.543000",
"db": "NVD",
"id": "CVE-2022-20850"
},
{
"date": "2022-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2888"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-405403"
},
{
"date": "2022-09-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20850"
},
{
"date": "2023-10-23T07:26:00",
"db": "JVNDB",
"id": "JVNDB-2022-018763"
},
{
"date": "2023-11-07T03:43:07.130000",
"db": "NVD",
"id": "CVE-2022-20850"
},
{
"date": "2022-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2888"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2888"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation vulnerability in multiple Cisco Systems products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-018763"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2888"
}
],
"trust": 0.6
}
}
Loading...