ID

VAR-202205-0313


CVE

CVE-2022-20734


TITLE

Cisco SD-WAN vManage Software  Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2022-010070

DESCRIPTION

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system

Trust: 1.8

sources: NVD: CVE-2022-20734 // JVNDB: JVNDB-2022-010070 // VULHUB: VHN-405287 // VULMON: CVE-2022-20734

AFFECTED PRODUCTS

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.6.3

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.7

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.7.2

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.6

Trust: 1.0

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco sd-wan vmanagescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-010070 // NVD: CVE-2022-20734

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20734
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20734
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20734
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202205-2135
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405287
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20734
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20734
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405287
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20734
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-20734
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405287 // VULMON: CVE-2022-20734 // JVNDB: JVNDB-2022-010070 // CNNVD: CNNVD-202205-2135 // NVD: CVE-2022-20734 // NVD: CVE-2022-20734

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-497

Trust: 1.0

problemtype:information leak (CWE-200) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405287 // JVNDB: JVNDB-2022-010070 // NVD: CVE-2022-20734

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-2135

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202205-2135

PATCH

title:cisco-sa-vmge-infodc-WPSkAMhpurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmge-infodc-WPSkAMhp

Trust: 0.8

title:Cisco SD-WAN vManage Software Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192435

Trust: 0.6

title:Cisco: Cisco SD-WAN vManage Software Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vmge-infodc-WPSkAMhp

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20734 // JVNDB: JVNDB-2022-010070 // CNNVD: CNNVD-202205-2135

EXTERNAL IDS

db:NVDid:CVE-2022-20734

Trust: 3.4

db:JVNDBid:JVNDB-2022-010070

Trust: 0.8

db:CS-HELPid:SB2022050506

Trust: 0.6

db:CNNVDid:CNNVD-202205-2135

Trust: 0.6

db:VULHUBid:VHN-405287

Trust: 0.1

db:VULMONid:CVE-2022-20734

Trust: 0.1

sources: VULHUB: VHN-405287 // VULMON: CVE-2022-20734 // JVNDB: JVNDB-2022-010070 // CNNVD: CNNVD-202205-2135 // NVD: CVE-2022-20734

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmge-infodc-wpskamhp

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-20734

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2022050506

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20734/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405287 // VULMON: CVE-2022-20734 // JVNDB: JVNDB-2022-010070 // CNNVD: CNNVD-202205-2135 // NVD: CVE-2022-20734

SOURCES

db:VULHUBid:VHN-405287
db:VULMONid:CVE-2022-20734
db:JVNDBid:JVNDB-2022-010070
db:CNNVDid:CNNVD-202205-2135
db:NVDid:CVE-2022-20734

LAST UPDATE DATE

2024-08-14T14:10:50.393000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405287date:2022-05-11T00:00:00
db:VULMONid:CVE-2022-20734date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-010070date:2023-08-10T05:34:00
db:CNNVDid:CNNVD-202205-2135date:2022-05-12T00:00:00
db:NVDid:CVE-2022-20734date:2023-11-07T03:42:47.403

SOURCES RELEASE DATE

db:VULHUBid:VHN-405287date:2022-05-04T00:00:00
db:VULMONid:CVE-2022-20734date:2022-05-04T00:00:00
db:JVNDBid:JVNDB-2022-010070date:2023-08-10T00:00:00
db:CNNVDid:CNNVD-202205-2135date:2022-05-04T00:00:00
db:NVDid:CVE-2022-20734date:2022-05-04T17:15:08.180