Vulnerability Description
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Catalyst Sd-Wan Manager | 20.8 |
| Cisco | Sd-Wan Vbond Orchestrator | < 20.6.2 |
| Cisco | Sd-Wan Vmanage | < 20.6.2 |
| Cisco | Sd-Wan Vsmart Controller | < 20.6.2 |
| Cisco | Sd-Wan | < 20.6.2 |
| Cisco | Vedge 100 | - |
| Cisco | Vedge 1000 | - |
| Cisco | Vedge 100B | - |
| Cisco | Vedge 100M | - |
| Cisco | Vedge 100Wm | - |
| Cisco | Vedge 2000 | - |
| Cisco | Vedge 5000 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sVendor Advisory
FAQ
What is CVE-2022-20930?
CVE-2022-20930 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficien...
How severe is CVE-2022-20930?
CVE-2022-20930 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-20930?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Catalyst Sd-Wan Manager, Cisco Sd-Wan Vbond Orchestrator, Cisco Sd-Wan Vmanage, Cisco Sd-Wan Vsmart Controller, Cisco Sd-Wan.