7.8

CVE-2022-20775

Exploit

EPSS 0.1%
Published 30.09.2022 19:15:11
Last modified 21.11.2024 06:43:31
Source psirt@cisco.com
Teams watchlist Login
Open Login

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Catalyst Sd-wan Manager Version >= 20.6 < 20.6.3

Cisco ≫ Catalyst Sd-wan Manager Version >= 20.7 < 20.7.2

Cisco ≫ Catalyst Sd-wan Manager Version20.8

Cisco ≫ Sd-wan Vbond Orchestrator Version >= 20.6 < 20.6.3

Cisco ≫ Sd-wan Vbond Orchestrator Version >= 20.7 < 20.7.2

Cisco ≫ Sd-wan Vbond Orchestrator Version20.8

Cisco ≫ Sd-wan Vsmart Controller Version >= 20.6 < 20.6.3

Cisco ≫ Sd-wan Vsmart Controller Version >= 20.7 < 20.7.2

Cisco ≫ Sd-wan Vsmart Controller Version20.8

Cisco ≫ Sd-wan Version >= 20.6 < 20.6.3

   Cisco ≫ Catalyst 8000v Edge Version-
   Cisco ≫ Catalyst Cg418-e Version-
   Cisco ≫ Catalyst Cg522-e Version-
   Cisco ≫ 1100-4g Integrated Services Router Version-
   Cisco ≫ 1100-4p Integrated Services Router Version-
   Cisco ≫ 1100-6g Integrated Services Router Version-
   Cisco ≫ 1100-8p Integrated Services Router Version-
   Cisco ≫ 1100 Integrated Services Router Version-
   Cisco ≫ 1101-4p Integrated Services Router Version-
   Cisco ≫ 1101 Integrated Services Router Version-
   Cisco ≫ 1109-2p Integrated Services Router Version-
   Cisco ≫ 1109-4p Integrated Services Router Version-
   Cisco ≫ 1109 Integrated Services Router Version-
   Cisco ≫ 1111x-8p Integrated Services Router Version-
   Cisco ≫ 1111x Integrated Services Router Version-
   Cisco ≫ 111x Integrated Services Router Version-
   Cisco ≫ 1120 Integrated Services Router Version-
   Cisco ≫ 1131 Integrated Services Router Version-
   Cisco ≫ 1160 Integrated Services Router Version-
   Cisco ≫ 4000 Integrated Services Router Version-
   Cisco ≫ 4221 Integrated Services Router Version-
   Cisco ≫ 4321/k9-rf Integrated Services Router Version-
   Cisco ≫ 4321/k9-ws Integrated Services Router Version-
   Cisco ≫ 4321/k9 Integrated Services Router Version-
   Cisco ≫ 4321 Integrated Services Router Version-
   Cisco ≫ 4331/k9-rf Integrated Services Router Version-
   Cisco ≫ 4331/k9-ws Integrated Services Router Version-
   Cisco ≫ 4331/k9 Integrated Services Router Version-
   Cisco ≫ 4331 Integrated Services Router Version-
   Cisco ≫ 4351/k9-rf Integrated Services Router Version-
   Cisco ≫ 4351/k9-ws Integrated Services Router Version-
   Cisco ≫ 4351/k9 Integrated Services Router Version-
   Cisco ≫ 4351 Integrated Services Router Version-
   Cisco ≫ 4431 Integrated Services Router Version-
   Cisco ≫ 4451-x Integrated Services Router Version-
   Cisco ≫ 4451 Integrated Services Router Version-
   Cisco ≫ 4461 Integrated Services Router Version-
   Cisco ≫ 8101-32fh Version-
   Cisco ≫ 8101-32h Version-
   Cisco ≫ 8102-64h Version-
   Cisco ≫ 8201 Version-
   Cisco ≫ 8201-32fh Version-
   Cisco ≫ 8202 Version-
   Cisco ≫ 8804 Version-
   Cisco ≫ 8808 Version-
   Cisco ≫ 8812 Version-
   Cisco ≫ 8818 Version-
   Cisco ≫ 8831 Version-
   Cisco ≫ Asr 1000 Version-
   Cisco ≫ Asr 1000-x Version-
   Cisco ≫ Asr 1001 Version-
   Cisco ≫ Asr 1001-hx Version-
   Cisco ≫ Asr 1001-hx R Version-
   Cisco ≫ Asr 1001-x Version-
   Cisco ≫ Asr 1001-x R Version-
   Cisco ≫ Asr 1002 Version-
   Cisco ≫ Asr 1002-hx Version-
   Cisco ≫ Asr 1002-hx R Version-
   Cisco ≫ Asr 1002-x Version-
   Cisco ≫ Asr 1002-x R Version-
   Cisco ≫ Asr 1004 Version-
   Cisco ≫ Asr 1006 Version-
   Cisco ≫ Asr 1006-x Version-
   Cisco ≫ Asr 1009-x Version-
   Cisco ≫ Asr 1013 Version-
   Cisco ≫ Asr 1023 Version-
   Cisco ≫ Catalyst 8200 Version-
   Cisco ≫ Catalyst 8300 Version-
   Cisco ≫ Catalyst 8300-1n1s-4t2x Version-
   Cisco ≫ Catalyst 8300-1n1s-6t Version-
   Cisco ≫ Catalyst 8300-2n2s-4t2x Version-
   Cisco ≫ Catalyst 8300-2n2s-6t Version-
   Cisco ≫ Catalyst 8500 Version-
   Cisco ≫ Catalyst 8500-4qc Version-
   Cisco ≫ Catalyst 8500l Version-
   Cisco ≫ Catalyst 8510csr Version-
   Cisco ≫ Catalyst 8510msr Version-
   Cisco ≫ Catalyst 8540csr Version-
   Cisco ≫ Catalyst 8540msr Version-

Cisco ≫ Sd-wan Version >= 20.7 < 20.7.2

   Cisco ≫ Catalyst 8000v Edge Version-
   Cisco ≫ Catalyst Cg418-e Version-
   Cisco ≫ Catalyst Cg522-e Version-
   Cisco ≫ 1100-4g Integrated Services Router Version-
   Cisco ≫ 1100-4p Integrated Services Router Version-
   Cisco ≫ 1100-6g Integrated Services Router Version-
   Cisco ≫ 1100-8p Integrated Services Router Version-
   Cisco ≫ 1100 Integrated Services Router Version-
   Cisco ≫ 1101-4p Integrated Services Router Version-
   Cisco ≫ 1101 Integrated Services Router Version-
   Cisco ≫ 1109-2p Integrated Services Router Version-
   Cisco ≫ 1109-4p Integrated Services Router Version-
   Cisco ≫ 1109 Integrated Services Router Version-
   Cisco ≫ 1111x-8p Integrated Services Router Version-
   Cisco ≫ 1111x Integrated Services Router Version-
   Cisco ≫ 111x Integrated Services Router Version-
   Cisco ≫ 1120 Integrated Services Router Version-
   Cisco ≫ 1131 Integrated Services Router Version-
   Cisco ≫ 1160 Integrated Services Router Version-
   Cisco ≫ 4000 Integrated Services Router Version-
   Cisco ≫ 4221 Integrated Services Router Version-
   Cisco ≫ 4321/k9-rf Integrated Services Router Version-
   Cisco ≫ 4321/k9-ws Integrated Services Router Version-
   Cisco ≫ 4321/k9 Integrated Services Router Version-
   Cisco ≫ 4321 Integrated Services Router Version-
   Cisco ≫ 4331/k9-rf Integrated Services Router Version-
   Cisco ≫ 4331/k9-ws Integrated Services Router Version-
   Cisco ≫ 4331/k9 Integrated Services Router Version-
   Cisco ≫ 4331 Integrated Services Router Version-
   Cisco ≫ 4351/k9-rf Integrated Services Router Version-
   Cisco ≫ 4351/k9-ws Integrated Services Router Version-
   Cisco ≫ 4351/k9 Integrated Services Router Version-
   Cisco ≫ 4351 Integrated Services Router Version-
   Cisco ≫ 4431 Integrated Services Router Version-
   Cisco ≫ 4451-x Integrated Services Router Version-
   Cisco ≫ 4451 Integrated Services Router Version-
   Cisco ≫ 4461 Integrated Services Router Version-
   Cisco ≫ 8101-32fh Version-
   Cisco ≫ 8101-32h Version-
   Cisco ≫ 8102-64h Version-
   Cisco ≫ 8201 Version-
   Cisco ≫ 8201-32fh Version-
   Cisco ≫ 8202 Version-
   Cisco ≫ 8804 Version-
   Cisco ≫ 8808 Version-
   Cisco ≫ 8812 Version-
   Cisco ≫ 8818 Version-
   Cisco ≫ 8831 Version-
   Cisco ≫ Asr 1000 Version-
   Cisco ≫ Asr 1000-x Version-
   Cisco ≫ Asr 1001 Version-
   Cisco ≫ Asr 1001-hx Version-
   Cisco ≫ Asr 1001-hx R Version-
   Cisco ≫ Asr 1001-x Version-
   Cisco ≫ Asr 1001-x R Version-
   Cisco ≫ Asr 1002 Version-
   Cisco ≫ Asr 1002-hx Version-
   Cisco ≫ Asr 1002-hx R Version-
   Cisco ≫ Asr 1002-x Version-
   Cisco ≫ Asr 1002-x R Version-
   Cisco ≫ Asr 1004 Version-
   Cisco ≫ Asr 1006 Version-
   Cisco ≫ Asr 1006-x Version-
   Cisco ≫ Asr 1009-x Version-
   Cisco ≫ Asr 1013 Version-
   Cisco ≫ Asr 1023 Version-
   Cisco ≫ Catalyst 8200 Version-
   Cisco ≫ Catalyst 8300 Version-
   Cisco ≫ Catalyst 8300-1n1s-4t2x Version-
   Cisco ≫ Catalyst 8300-1n1s-6t Version-
   Cisco ≫ Catalyst 8300-2n2s-4t2x Version-
   Cisco ≫ Catalyst 8300-2n2s-6t Version-
   Cisco ≫ Catalyst 8500 Version-
   Cisco ≫ Catalyst 8500-4qc Version-
   Cisco ≫ Catalyst 8500l Version-
   Cisco ≫ Catalyst 8510csr Version-
   Cisco ≫ Catalyst 8510msr Version-
   Cisco ≫ Catalyst 8540csr Version-
   Cisco ≫ Catalyst 8540msr Version-

Cisco ≫ Sd-wan Version20.8

   Cisco ≫ Catalyst 8000v Edge Version-
   Cisco ≫ Catalyst Cg418-e Version-
   Cisco ≫ Catalyst Cg522-e Version-
   Cisco ≫ 1100-4g Integrated Services Router Version-
   Cisco ≫ 1100-4p Integrated Services Router Version-
   Cisco ≫ 1100-6g Integrated Services Router Version-
   Cisco ≫ 1100-8p Integrated Services Router Version-
   Cisco ≫ 1100 Integrated Services Router Version-
   Cisco ≫ 1101-4p Integrated Services Router Version-
   Cisco ≫ 1101 Integrated Services Router Version-
   Cisco ≫ 1109-2p Integrated Services Router Version-
   Cisco ≫ 1109-4p Integrated Services Router Version-
   Cisco ≫ 1109 Integrated Services Router Version-
   Cisco ≫ 1111x-8p Integrated Services Router Version-
   Cisco ≫ 1111x Integrated Services Router Version-
   Cisco ≫ 111x Integrated Services Router Version-
   Cisco ≫ 1120 Integrated Services Router Version-
   Cisco ≫ 1131 Integrated Services Router Version-
   Cisco ≫ 1160 Integrated Services Router Version-
   Cisco ≫ 4000 Integrated Services Router Version-
   Cisco ≫ 4221 Integrated Services Router Version-
   Cisco ≫ 4321/k9-rf Integrated Services Router Version-
   Cisco ≫ 4321/k9-ws Integrated Services Router Version-
   Cisco ≫ 4321/k9 Integrated Services Router Version-
   Cisco ≫ 4321 Integrated Services Router Version-
   Cisco ≫ 4331/k9-rf Integrated Services Router Version-
   Cisco ≫ 4331/k9-ws Integrated Services Router Version-
   Cisco ≫ 4331/k9 Integrated Services Router Version-
   Cisco ≫ 4331 Integrated Services Router Version-
   Cisco ≫ 4351/k9-rf Integrated Services Router Version-
   Cisco ≫ 4351/k9-ws Integrated Services Router Version-
   Cisco ≫ 4351/k9 Integrated Services Router Version-
   Cisco ≫ 4351 Integrated Services Router Version-
   Cisco ≫ 4431 Integrated Services Router Version-
   Cisco ≫ 4451-x Integrated Services Router Version-
   Cisco ≫ 4451 Integrated Services Router Version-
   Cisco ≫ 4461 Integrated Services Router Version-
   Cisco ≫ 8101-32fh Version-
   Cisco ≫ 8101-32h Version-
   Cisco ≫ 8102-64h Version-
   Cisco ≫ 8201 Version-
   Cisco ≫ 8201-32fh Version-
   Cisco ≫ 8202 Version-
   Cisco ≫ 8804 Version-
   Cisco ≫ 8808 Version-
   Cisco ≫ 8812 Version-
   Cisco ≫ 8818 Version-
   Cisco ≫ 8831 Version-
   Cisco ≫ Asr 1000 Version-
   Cisco ≫ Asr 1000-x Version-
   Cisco ≫ Asr 1001 Version-
   Cisco ≫ Asr 1001-hx Version-
   Cisco ≫ Asr 1001-hx R Version-
   Cisco ≫ Asr 1001-x Version-
   Cisco ≫ Asr 1001-x R Version-
   Cisco ≫ Asr 1002 Version-
   Cisco ≫ Asr 1002-hx Version-
   Cisco ≫ Asr 1002-hx R Version-
   Cisco ≫ Asr 1002-x Version-
   Cisco ≫ Asr 1002-x R Version-
   Cisco ≫ Asr 1004 Version-
   Cisco ≫ Asr 1006 Version-
   Cisco ≫ Asr 1006-x Version-
   Cisco ≫ Asr 1009-x Version-
   Cisco ≫ Asr 1013 Version-
   Cisco ≫ Asr 1023 Version-
   Cisco ≫ Catalyst 8200 Version-
   Cisco ≫ Catalyst 8300 Version-
   Cisco ≫ Catalyst 8300-1n1s-4t2x Version-
   Cisco ≫ Catalyst 8300-1n1s-6t Version-
   Cisco ≫ Catalyst 8300-2n2s-4t2x Version-
   Cisco ≫ Catalyst 8300-2n2s-6t Version-
   Cisco ≫ Catalyst 8500 Version-
   Cisco ≫ Catalyst 8500-4qc Version-
   Cisco ≫ Catalyst 8500l Version-
   Cisco ≫ Catalyst 8510csr Version-
   Cisco ≫ Catalyst 8510msr Version-
   Cisco ≫ Catalyst 8540csr Version-
   Cisco ≫ Catalyst 8540msr Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.278

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@cisco.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-25 Path Traversal: '/../filedir'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that can resolve to a location that is outside of that directory.

https://github.com/orangecertcc/security-research/security/advisories/GHSA-wmjv-552v-pxjc

Third Party Advisory

Exploit

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-20775

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-20775

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-20775

EUVD