CVE-2022-20850Path Traversal in Cisco IOS XE Sd-wan

CWE-22Path TraversalCWE-20Improper Input Validation4 documents4 sources
Severity
7.1HIGHNVD
CNA5.5
EPSS
0.1%
top 82.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Cisco IOS XE Sd-wanCisco Sd-wanCisco Sd-wan Vbond Orchestrator+3 more
Timeline
PublishedSep 30
Latest updateOct 1

Description

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the fil

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages6 packages

NVDcisco/sd-wan< 18.4.5
NVDcisco/ios_xe_sd-wan< 16.10.1
NVDcisco/sd-wan_vmanage< 18.4.5

🔴Vulnerability Details

2
GHSA
GHSA-5rf9-q3f5-rc77: A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delet2022-10-01
CVEList
Cisco SD-WAN Arbitrary File Deletion Vulnerability2022-09-30

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Arbitrary File Deletion Vulnerability2022-09-28
CVE-2022-20850 — Path Traversal in Cisco IOS XE Sd-wan | cvebase