ID

VAR-202204-0949


CVE

CVE-2022-20716


TITLE

Cisco SD-WAN Software  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011196

DESCRIPTION

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. Cisco SD-WAN Software Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2022-20716 // JVNDB: JVNDB-2022-011196 // VULHUB: VHN-405269 // VULMON: CVE-2022-20716

AFFECTED PRODUCTS

vendor:ciscomodel:sd-wanscope:gteversion:20.7

Trust: 1.0

vendor:ciscomodel:sd-wanscope:gteversion:18.4

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wan solutionscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wan vedge cloudscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:20.6.1

Trust: 1.0

vendor:ciscomodel:sd-wan vsmart controller softwarescope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wan vbond orchestratorscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sd-wanscope:ltversion:20.7.1

Trust: 1.0

vendor:ciscomodel:sd-wan vedge routerscope:eqversion: -

Trust: 1.0

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wanscope:eqversion:solution

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wanscope:eqversion:vmanage

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan solutionscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vedge cloud routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wanscope:eqversion:vedge cloud router

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wanscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wanscope:eqversion:vedge router

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vedge routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wanscope:eqversion:vbond orchestrator

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vbond orchestratorscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wanscope:eqversion:vsmart controller software

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vsmart controller softwarescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011196 // NVD: CVE-2022-20716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20716
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20716
value: HIGH

Trust: 1.0

NVD: CVE-2022-20716
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202204-3356
value: HIGH

Trust: 0.6

VULHUB: VHN-405269
value: HIGH

Trust: 0.1

VULMON: CVE-2022-20716
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-20716
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405269
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20716
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-20716
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405269 // VULMON: CVE-2022-20716 // JVNDB: JVNDB-2022-011196 // CNNVD: CNNVD-202204-3356 // NVD: CVE-2022-20716 // NVD: CVE-2022-20716

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-011196 // NVD: CVE-2022-20716

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202204-3356

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-3356

PATCH

title:cisco-sa-sd-wan-file-access-VW36d28Purl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-file-access-VW36d28P

Trust: 0.8

title:Cisco: Cisco SD-WAN Solution Improper Access Control Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sd-wan-file-access-VW36d28P

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20716 // JVNDB: JVNDB-2022-011196

EXTERNAL IDS

db:NVDid:CVE-2022-20716

Trust: 3.4

db:JVNDBid:JVNDB-2022-011196

Trust: 0.8

db:CS-HELPid:SB2022041503

Trust: 0.6

db:CNNVDid:CNNVD-202204-3356

Trust: 0.6

db:VULHUBid:VHN-405269

Trust: 0.1

db:VULMONid:CVE-2022-20716

Trust: 0.1

sources: VULHUB: VHN-405269 // VULMON: CVE-2022-20716 // JVNDB: JVNDB-2022-011196 // CNNVD: CNNVD-202204-3356 // NVD: CVE-2022-20716

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-file-access-vw36d28p

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-20716

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20716/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-sd-wan-solution-privilege-escalation-via-cli-38059

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041503

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-file-access-vw36d28p

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405269 // VULMON: CVE-2022-20716 // JVNDB: JVNDB-2022-011196 // CNNVD: CNNVD-202204-3356 // NVD: CVE-2022-20716

SOURCES

db:VULHUBid:VHN-405269
db:VULMONid:CVE-2022-20716
db:JVNDBid:JVNDB-2022-011196
db:CNNVDid:CNNVD-202204-3356
db:NVDid:CVE-2022-20716

LAST UPDATE DATE

2024-08-14T14:02:41.643000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405269date:2022-05-13T00:00:00
db:VULMONid:CVE-2022-20716date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-011196date:2023-08-21T04:13:00
db:CNNVDid:CNNVD-202204-3356date:2023-06-28T00:00:00
db:NVDid:CVE-2022-20716date:2023-11-07T03:42:42.747

SOURCES RELEASE DATE

db:VULHUBid:VHN-405269date:2022-04-15T00:00:00
db:VULMONid:CVE-2022-20716date:2022-04-15T00:00:00
db:JVNDBid:JVNDB-2022-011196date:2023-08-21T00:00:00
db:CNNVDid:CNNVD-202204-3356date:2022-04-13T00:00:00
db:NVDid:CVE-2022-20716date:2022-04-15T15:15:13.063