ID

VAR-202209-1970


CVE

CVE-2022-20818


TITLE

Path traversal vulnerability in multiple Cisco Systems products

Trust: 0.8

sources: JVNDB: JVNDB-2022-018180

DESCRIPTION

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Path traversal vulnerabilities exist in multiple Cisco Systems products: Cisco SD-WAN vBond Orchestrator, Cisco SD-WAN vManage, and Cisco SD-WAN vSmart Controller. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2022-20818 // JVNDB: JVNDB-2022-018180 // VULHUB: VHN-405371 // VULMON: CVE-2022-20818

AFFECTED PRODUCTS

vendor: cisco, model: sd-wan vbond orchestrator, scope: lt, version: 20.9

Trust: 1.0

vendor: cisco, model: sd-wan vmanage, scope: lt, version: 20.9

Trust: 1.0

vendor: cisco, model: sd-wan, scope: lt, version: 20.9

Trust: 1.0

vendor: cisco, model: sd-wan vsmart controller, scope: lt, version: 20.9

Trust: 1.0

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: vbond orchestrator 20.9

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan vbond orchestrator, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: 20.9

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan vsmart controller, scope: eq, version: 20.9

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan vmanage, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: vmanage 20.9

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: vsmart controller 20.9

Trust: 0.8

sources: JVNDB: JVNDB-2022-018180 // NVD: CVE-2022-20818

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20818
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20818
value: HIGH

Trust: 1.0

NVD: CVE-2022-20818
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202209-2881
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-20818
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-20818
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018180 // CNNVD: CNNVD-202209-2881 // NVD: CVE-2022-20818 // NVD: CVE-2022-20818

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype:CWE-25

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-405371 // JVNDB: JVNDB-2022-018180 // NVD: CVE-2022-20818

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202209-2881

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202209-2881

PATCH

title: cisco-sa-sd-wan-priv-E6e8tEdF
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF

Trust: 0.8

title: Cisco SD-WAN Repair measures for path traversal vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=209688

Trust: 0.6

title: Cisco: Cisco SD-WAN Software Privilege Escalation Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sd-wan-priv-E6e8tEdF

Trust: 0.1

sources: VULMON: CVE-2022-20818 // JVNDB: JVNDB-2022-018180 // CNNVD: CNNVD-202209-2881

EXTERNAL IDS

db: NVD, id: CVE-2022-20818

Trust: 3.4

db: JVNDB, id: JVNDB-2022-018180

Trust: 0.8

db: CNNVD, id: CNNVD-202209-2881

Trust: 0.6

db: VULHUB, id: VHN-405371

Trust: 0.1

db: VULMON, id: CVE-2022-20818

Trust: 0.1

sources: VULHUB: VHN-405371 // VULMON: CVE-2022-20818 // JVNDB: JVNDB-2022-018180 // CNNVD: CNNVD-202209-2881 // NVD: CVE-2022-20818

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-priv-e6e8tedf

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-20818

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20818/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-sd-wan-software-privilege-escalation-via-cli-39397

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-405371 // VULMON: CVE-2022-20818 // JVNDB: JVNDB-2022-018180 // CNNVD: CNNVD-202209-2881 // NVD: CVE-2022-20818

SOURCES

db: VULHUB, id: VHN-405371
db: VULMON, id: CVE-2022-20818
db: JVNDB, id: JVNDB-2022-018180
db: CNNVD, id: CNNVD-202209-2881
db: NVD, id: CVE-2022-20818

LAST UPDATE DATE

2024-08-14T15:06:07.397000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405371, date: 2022-10-04T00:00:00
db: VULMON, id: CVE-2022-20818, date: 2022-09-30T00:00:00
db: JVNDB, id: JVNDB-2022-018180, date: 2023-10-19T01:57:00
db: CNNVD, id: CNNVD-202209-2881, date: 2022-10-08T00:00:00
db: NVD, id: CVE-2022-20818, date: 2023-11-07T03:43:02.297

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405371, date: 2022-09-30T00:00:00
db: VULMON, id: CVE-2022-20818, date: 2022-09-30T00:00:00
db: JVNDB, id: JVNDB-2022-018180, date: 2023-10-19T00:00:00
db: CNNVD, id: CNNVD-202209-2881, date: 2022-09-28T00:00:00
db: NVD, id: CVE-2022-20818, date: 2022-09-30T19:15:11.867