Details of VAR-202205-0313

ID

VAR-202205-0313

CVE

CVE-2022-20734

TITLE

Cisco SD-WAN vManage Software Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2022-010070

DESCRIPTION

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system

Trust: 1.8

sources: NVD: CVE-2022-20734 // JVNDB: JVNDB-2022-010070 // VULHUB: VHN-405287 // VULMON: CVE-2022-20734

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.6	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.6.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.7.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.7	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	eq	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vmanage	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-010070 // NVD: CVE-2022-20734

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20734
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20734
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20734
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202205-2135
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-405287
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-20734
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-20734
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405287
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20734
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-20734
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405287 // VULMON: CVE-2022-20734 // JVNDB: JVNDB-2022-010070 // CNNVD: CNNVD-202205-2135 // NVD: CVE-2022-20734 // NVD: CVE-2022-20734

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	CWE-497	Trust: 1.0
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-405287 // JVNDB: JVNDB-2022-010070 // NVD: CVE-2022-20734

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-2135

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202205-2135

PATCH

title:	cisco-sa-vmge-infodc-WPSkAMhp	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmge-infodc-WPSkAMhp	Trust: 0.8
title:	Cisco SD-WAN vManage Software Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=192435	Trust: 0.6
title:	Cisco: Cisco SD-WAN vManage Software Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-vmge-infodc-WPSkAMhp	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20734 // JVNDB: JVNDB-2022-010070 // CNNVD: CNNVD-202205-2135

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20734	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-010070	Trust: 0.8
db:	CS-HELP	id:	SB2022050506	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-2135	Trust: 0.6
db:	VULHUB	id:	VHN-405287	Trust: 0.1
db:	VULMON	id:	CVE-2022-20734	Trust: 0.1

sources: VULHUB: VHN-405287 // VULMON: CVE-2022-20734 // JVNDB: JVNDB-2022-010070 // CNNVD: CNNVD-202205-2135 // NVD: CVE-2022-20734

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vmge-infodc-wpskamhp	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20734	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2022050506	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-20734/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405287 // VULMON: CVE-2022-20734 // JVNDB: JVNDB-2022-010070 // CNNVD: CNNVD-202205-2135 // NVD: CVE-2022-20734

SOURCES

db:	VULHUB	id:	VHN-405287
db:	VULMON	id:	CVE-2022-20734
db:	JVNDB	id:	JVNDB-2022-010070
db:	CNNVD	id:	CNNVD-202205-2135
db:	NVD	id:	CVE-2022-20734

LAST UPDATE DATE

2024-11-23T22:10:46.665000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405287	date:	2022-05-11T00:00:00
db:	VULMON	id:	CVE-2022-20734	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-010070	date:	2023-08-10T05:34:00
db:	CNNVD	id:	CNNVD-202205-2135	date:	2022-05-12T00:00:00
db:	NVD	id:	CVE-2022-20734	date:	2024-11-21T06:43:26.540

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405287	date:	2022-05-04T00:00:00
db:	VULMON	id:	CVE-2022-20734	date:	2022-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2022-010070	date:	2023-08-10T00:00:00
db:	CNNVD	id:	CNNVD-202205-2135	date:	2022-05-04T00:00:00
db:	NVD	id:	CVE-2022-20734	date:	2022-05-04T17:15:08.180