ID

VAR-202204-0846


CVE

CVE-2022-20735


TITLE

Cisco SD-WAN vManage Software  Cross-site request forgery vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011008

DESCRIPTION

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco

Trust: 1.8

sources: NVD: CVE-2022-20735 // JVNDB: JVNDB-2022-011008 // VULHUB: VHN-405288 // VULMON: CVE-2022-20735

AFFECTED PRODUCTS

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:20.7

Trust: 1.0

vendor:ciscomodel:sd-wan vmanagescope:ltversion:20.6.1

Trust: 1.0

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011008 // NVD: CVE-2022-20735

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20735
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20735
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20735
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202204-3459
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405288
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20735
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20735
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405288
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20735
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-20735
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405288 // VULMON: CVE-2022-20735 // JVNDB: JVNDB-2022-011008 // CNNVD: CNNVD-202204-3459 // NVD: CVE-2022-20735 // NVD: CVE-2022-20735

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.1

problemtype:Cross-site request forgery (CWE-352) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405288 // JVNDB: JVNDB-2022-011008 // NVD: CVE-2022-20735

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3459

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202204-3459

PATCH

title:cisco-sa-sdwan-vmanage-csrf-rxQL4tXRurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-csrf-rxQL4tXR

Trust: 0.8

title:Cisco SD-WAN vManage Software Fixes for cross-site request forgery vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189516

Trust: 0.6

title:Cisco: Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sdwan-vmanage-csrf-rxQL4tXR

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20735 // JVNDB: JVNDB-2022-011008 // CNNVD: CNNVD-202204-3459

EXTERNAL IDS

db:NVDid:CVE-2022-20735

Trust: 3.4

db:JVNDBid:JVNDB-2022-011008

Trust: 0.8

db:CS-HELPid:SB2022041502

Trust: 0.6

db:CNNVDid:CNNVD-202204-3459

Trust: 0.6

db:CNVDid:CNVD-2022-46477

Trust: 0.1

db:VULHUBid:VHN-405288

Trust: 0.1

db:VULMONid:CVE-2022-20735

Trust: 0.1

sources: VULHUB: VHN-405288 // VULMON: CVE-2022-20735 // JVNDB: JVNDB-2022-011008 // CNNVD: CNNVD-202204-3459 // NVD: CVE-2022-20735

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-vmanage-csrf-rxql4txr

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-20735

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20735/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041502

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/352.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405288 // VULMON: CVE-2022-20735 // JVNDB: JVNDB-2022-011008 // CNNVD: CNNVD-202204-3459 // NVD: CVE-2022-20735

SOURCES

db:VULHUBid:VHN-405288
db:VULMONid:CVE-2022-20735
db:JVNDBid:JVNDB-2022-011008
db:CNNVDid:CNNVD-202204-3459
db:NVDid:CVE-2022-20735

LAST UPDATE DATE

2024-11-23T22:04:55.681000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405288date:2022-05-13T00:00:00
db:VULMONid:CVE-2022-20735date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-011008date:2023-08-18T06:12:00
db:CNNVDid:CNNVD-202204-3459date:2022-05-16T00:00:00
db:NVDid:CVE-2022-20735date:2024-11-21T06:43:26.663

SOURCES RELEASE DATE

db:VULHUBid:VHN-405288date:2022-04-15T00:00:00
db:VULMONid:CVE-2022-20735date:2022-04-15T00:00:00
db:JVNDBid:JVNDB-2022-011008date:2023-08-18T00:00:00
db:CNNVDid:CNNVD-202204-3459date:2022-04-15T00:00:00
db:NVDid:CVE-2022-20735date:2022-04-15T15:15:13.723