CVE-2022-20734Exposure of Sensitive System Information to an Unauthorized Control Sphere in Cisco Catalyst Sd-wan Manager

CWE-497Exposure of Sensitive System Information to an Unauthorized Control SphereCWE-200Sensitive Information Exposure4 documents4 sources
Severity
4.4MEDIUMNVD
EPSS
0.1%
top 81.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Catalyst Sd-wan ManagerCisco Sd-wan Vmanage
Timeline
PublishedMay 4
Latest updateMay 5

Description

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/catalyst_sd-wan_manager20.620.6.3+1

🔴Vulnerability Details

2
GHSA
GHSA-39cx-33xm-c7hj: A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system2022-05-05
CVEList
Cisco SD-WAN vManage Software Information Disclosure Vulnerability2022-05-04

📋Vendor Advisories

1
Cisco
Cisco SD-WAN vManage Software Information Disclosure Vulnerability2022-05-04
CVE-2022-20734 — Cisco vulnerability | cvebase