Details of VAR-202204-0949

ID

VAR-202204-0949

CVE

CVE-2022-20716

TITLE

Cisco SD-WAN Software Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011196

DESCRIPTION

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. Cisco SD-WAN Software Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-20716 // JVNDB: JVNDB-2022-011196 // VULHUB: VHN-405269 // VULMON: CVE-2022-20716

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan	scope:	gte	version:	20.7	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	gte	version:	18.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan solution	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vedge cloud	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.6.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller software	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan vbond orchestrator	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sd-wan	scope:	lt	version:	20.7.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vedge router	scope:	eq	version:	-	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	solution	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	vmanage	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan solution	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vedge cloud router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	vedge cloud router	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	vedge router	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vedge router	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	vbond orchestrator	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vbond orchestrator	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan	scope:	eq	version:	vsmart controller software	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vsmart controller software	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-011196 // NVD: CVE-2022-20716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20716
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20716
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-20716
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202204-3356
value:	HIGH
Trust: 0.6
VULHUB:	VHN-405269
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-20716
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-20716
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405269
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20716
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-20716
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405269 // VULMON: CVE-2022-20716 // JVNDB: JVNDB-2022-011196 // CNNVD: CNNVD-202204-3356 // NVD: CVE-2022-20716 // NVD: CVE-2022-20716

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-011196 // NVD: CVE-2022-20716

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3356

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-3356

PATCH

title:	cisco-sa-sd-wan-file-access-VW36d28P	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-file-access-VW36d28P	Trust: 0.8
title:	Cisco: Cisco SD-WAN Solution Improper Access Control Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sd-wan-file-access-VW36d28P	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20716 // JVNDB: JVNDB-2022-011196

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20716	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-011196	Trust: 0.8
db:	CS-HELP	id:	SB2022041503	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3356	Trust: 0.6
db:	VULHUB	id:	VHN-405269	Trust: 0.1
db:	VULMON	id:	CVE-2022-20716	Trust: 0.1

sources: VULHUB: VHN-405269 // VULMON: CVE-2022-20716 // JVNDB: JVNDB-2022-011196 // CNNVD: CNNVD-202204-3356 // NVD: CVE-2022-20716

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-file-access-vw36d28p	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20716	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-20716/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-sd-wan-solution-privilege-escalation-via-cli-38059	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041503	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-file-access-vw36d28p	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405269 // VULMON: CVE-2022-20716 // JVNDB: JVNDB-2022-011196 // CNNVD: CNNVD-202204-3356 // NVD: CVE-2022-20716

SOURCES

db:	VULHUB	id:	VHN-405269
db:	VULMON	id:	CVE-2022-20716
db:	JVNDB	id:	JVNDB-2022-011196
db:	CNNVD	id:	CNNVD-202204-3356
db:	NVD	id:	CVE-2022-20716

LAST UPDATE DATE

2024-08-14T14:02:41.643000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405269	date:	2022-05-13T00:00:00
db:	VULMON	id:	CVE-2022-20716	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-011196	date:	2023-08-21T04:13:00
db:	CNNVD	id:	CNNVD-202204-3356	date:	2023-06-28T00:00:00
db:	NVD	id:	CVE-2022-20716	date:	2023-11-07T03:42:42.747

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405269	date:	2022-04-15T00:00:00
db:	VULMON	id:	CVE-2022-20716	date:	2022-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-011196	date:	2023-08-21T00:00:00
db:	CNNVD	id:	CNNVD-202204-3356	date:	2022-04-13T00:00:00
db:	NVD	id:	CVE-2022-20716	date:	2022-04-15T15:15:13.063