Sign-up

ID

VAR-202204-0845


CVE

CVE-2022-20747


TITLE

Cisco SD-WAN vManage Software  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011005

DESCRIPTION

A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker could exploit this vulnerability by sending a crafted API request to Cisco vManage as a lower-privileged user and gaining access to sensitive information that they would not normally be authorized to access. Cisco SD-WAN vManage Software Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.8

sources: NVD: CVE-2022-20747 // JVNDB: JVNDB-2022-011005 // VULHUB: VHN-405300 // VULMON: CVE-2022-20747

AFFECTED PRODUCTS

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:20.7

Trust: 1.0

vendor:ciscomodel:sd-wan vmanagescope:ltversion:20.6.1

Trust: 1.0

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011005 // NVD: CVE-2022-20747

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20747
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20747
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20747
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202204-3455
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405300
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20747
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20747
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405300
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20747
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-20747
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405300 // VULMON: CVE-2022-20747 // JVNDB: JVNDB-2022-011005 // CNNVD: CNNVD-202204-3455 // NVD: CVE-2022-20747 // NVD: CVE-2022-20747

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-202

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-011005 // NVD: CVE-2022-20747

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3455

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-3455

PATCH

title:cisco-sa-sdwan-vman-infodis-73sHJNEqurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-infodis-73sHJNEq

Trust: 0.8

title:Cisco SD-WAN vManage Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192811

Trust: 0.6

title:Cisco: Cisco SD-WAN vManage Software Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-vman-infodis-73sHJNEq

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20747 // JVNDB: JVNDB-2022-011005 // CNNVD: CNNVD-202204-3455

EXTERNAL IDS

db:NVDid:CVE-2022-20747

Trust: 3.4

db:JVNDBid:JVNDB-2022-011005

Trust: 0.8

db:CS-HELPid:SB2022041502

Trust: 0.6

db:CNNVDid:CNNVD-202204-3455

Trust: 0.6

db:CNVDid:CNVD-2022-46480

Trust: 0.1

db:VULHUBid:VHN-405300

Trust: 0.1

db:VULMONid:CVE-2022-20747

Trust: 0.1

sources: VULHUB: VHN-405300 // VULMON: CVE-2022-20747 // JVNDB: JVNDB-2022-011005 // CNNVD: CNNVD-202204-3455 // NVD: CVE-2022-20747

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-vman-infodis-73shjneq

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-20747

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20747/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041502

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405300 // VULMON: CVE-2022-20747 // JVNDB: JVNDB-2022-011005 // CNNVD: CNNVD-202204-3455 // NVD: CVE-2022-20747

SOURCES

db:VULHUBid:VHN-405300
db:VULMONid:CVE-2022-20747
db:JVNDBid:JVNDB-2022-011005
db:CNNVDid:CNNVD-202204-3455
db:NVDid:CVE-2022-20747

LAST UPDATE DATE

2024-11-23T22:04:55.653000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405300date:2022-05-13T00:00:00
db:VULMONid:CVE-2022-20747date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-011005date:2023-08-18T06:07:00
db:CNNVDid:CNNVD-202204-3455date:2022-05-16T00:00:00
db:NVDid:CVE-2022-20747date:2024-11-21T06:43:28.160

SOURCES RELEASE DATE

db:VULHUBid:VHN-405300date:2022-04-15T00:00:00
db:VULMONid:CVE-2022-20747date:2022-04-15T00:00:00
db:JVNDBid:JVNDB-2022-011005date:2023-08-18T00:00:00
db:CNNVDid:CNNVD-202204-3455date:2022-04-15T00:00:00
db:NVDid:CVE-2022-20747date:2022-04-15T15:15:13.827