Vulnerabilities > CVE-2022-20716 - Unspecified vulnerability in Cisco products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

cisco

NVD

Published: 2022-04-15

Updated: 2023-11-07

Summary

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco SD WAN Vbond Orchestrator - Cisco SD WAN Vedge Router - Cisco SD WAN Solution - Cisco SD WAN Vedge Cloud - Cisco SD WAN Vsmart Controller Software - Cisco Catalyst SD WAN Manager - Cisco SD WAN 20.7 Cisco SD WAN 18.4.0 Cisco SD WAN 18.4.1 Cisco SD WAN 18.4.3 Cisco SD WAN 18.4.4 Cisco SD WAN 18.4.5 Cisco SD WAN 18.4.6 Cisco SD WAN 19.2.0 Cisco SD WAN 19.2.1 Cisco SD WAN 19.2.2 Cisco SD WAN 19.2.99 Cisco SD WAN 19.3.0 Cisco SD WAN 20.1 Cisco SD WAN 20.1.0 Cisco SD WAN 20.1.1 Cisco SD WAN 20.1.2 Cisco SD WAN 20.1.12 Cisco SD WAN 20.3 Cisco SD WAN 20.3.1 Cisco SD WAN 20.3.2 Cisco SD WAN 20.3.3 Cisco SD WAN 20.3.4 Cisco SD WAN 20.4.1 Cisco SD WAN 20.4.2 Cisco SD WAN 20.5.1 Cisco SD WAN 20.6	32

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-file-access-VW36d28P