CVE-2022-20696: Improper Access Control in Cisco Catalyst SD-WAN Manager

Severity: 8.8 HIGH (NVD), 7.5 (CNA)
EPSS: 0.3% (top 43.96%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 8; latest update Sep 9

Description

A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exp

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: cisco/sd-wan_vmanage < 20.6.4
NVD: cisco/catalyst_sd-wan_manager 20.7 20.9.1

🔴 Vulnerability Details (2)

GHSA (2022-09-09): GHSA-5jcq-9vgg-wvh8: A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has acc
CVEList (2022-09-08): Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability

📋 Vendor Advisories (1)

Cisco (2022-09-07): Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability