Sign-up

ID

VAR-202202-1098


CVE

CVE-2022-20630


TITLE

Cisco DNA Center  Vulnerability regarding information leakage from log files in

Trust: 0.8

sources: JVNDB: JVNDB-2022-004919

DESCRIPTION

A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials

Trust: 1.8

sources: NVD: CVE-2022-20630 // JVNDB: JVNDB-2022-004919 // VULHUB: VHN-405183 // VULMON: CVE-2022-20630

AFFECTED PRODUCTS

vendor:ciscomodel:dna centerscope:gteversion:2.1.2.0

Trust: 1.0

vendor:ciscomodel:dna centerscope:ltversion:2.2.2.8

Trust: 1.0

vendor:ciscomodel:dna centerscope:ltversion:2.2.3.4

Trust: 1.0

vendor:ciscomodel:dna centerscope:gteversion:2.2.3.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco dna centerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco dna centerscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-004919 // NVD: CVE-2022-20630

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20630
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20630
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20630
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202202-119
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405183
value: LOW

Trust: 0.1

VULMON: CVE-2022-20630
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-20630
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405183
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20630
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-20630
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405183 // VULMON: CVE-2022-20630 // JVNDB: JVNDB-2022-004919 // CNNVD: CNNVD-202202-119 // NVD: CVE-2022-20630 // NVD: CVE-2022-20630

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.1

problemtype:CWE-200

Trust: 1.0

problemtype:Information leakage from log files (CWE-532) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405183 // JVNDB: JVNDB-2022-004919 // NVD: CVE-2022-20630

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-119

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202202-119

PATCH

title:cisco-sa-dnac-info-disc-8QEynKEjurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-8QEynKEj

Trust: 0.8

title:Cisco DNA Center Repair measures for log information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180213

Trust: 0.6

title:Cisco: Cisco DNA Center Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dnac-info-disc-8QEynKEj

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20630 // JVNDB: JVNDB-2022-004919 // CNNVD: CNNVD-202202-119

EXTERNAL IDS

db:NVDid:CVE-2022-20630

Trust: 3.4

db:JVNDBid:JVNDB-2022-004919

Trust: 0.8

db:CS-HELPid:SB2022020209

Trust: 0.6

db:CNNVDid:CNNVD-202202-119

Trust: 0.6

db:VULHUBid:VHN-405183

Trust: 0.1

db:VULMONid:CVE-2022-20630

Trust: 0.1

sources: VULHUB: VHN-405183 // VULMON: CVE-2022-20630 // JVNDB: JVNDB-2022-004919 // CNNVD: CNNVD-202202-119 // NVD: CVE-2022-20630

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnac-info-disc-8qeynkej

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-20630

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022020209

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/532.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405183 // VULMON: CVE-2022-20630 // JVNDB: JVNDB-2022-004919 // CNNVD: CNNVD-202202-119 // NVD: CVE-2022-20630

SOURCES

db:VULHUBid:VHN-405183
db:VULMONid:CVE-2022-20630
db:JVNDBid:JVNDB-2022-004919
db:CNNVDid:CNNVD-202202-119
db:NVDid:CVE-2022-20630

LAST UPDATE DATE

2024-08-14T14:24:58.618000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405183date:2022-02-17T00:00:00
db:VULMONid:CVE-2022-20630date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-004919date:2023-05-11T07:09:00
db:CNNVDid:CNNVD-202202-119date:2022-02-18T00:00:00
db:NVDid:CVE-2022-20630date:2023-11-07T03:42:29.340

SOURCES RELEASE DATE

db:VULHUBid:VHN-405183date:2022-02-10T00:00:00
db:VULMONid:CVE-2022-20630date:2022-02-10T00:00:00
db:JVNDBid:JVNDB-2022-004919date:2023-05-11T00:00:00
db:CNNVDid:CNNVD-202202-119date:2022-02-02T00:00:00
db:NVDid:CVE-2022-20630date:2022-02-10T18:15:08.860