CVE-2022-20930

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.9:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:20.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:20.9:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vsmart_controller:20.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vsmart_controller:20.9:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan:20.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan:20.9:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_100wm:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*

History

16 Oct 2023, 16:35

Type Values Removed Values Added
First Time Cisco catalyst Sd-wan Manager
CPE cpe:2.3:a:cisco:sd-wan_vmanage:20.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:sd-wan_vmanage:20.9:*:*:*:*:*:*:*
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.9:*:*:*:*:*:*:*
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.8:*:*:*:*:*:*:*

Information

Published : 2022-09-30 19:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-20930

Mitre link : CVE-2022-20930

CVE.ORG link : CVE-2022-20930


JSON object : View

Products Affected

cisco

  • vedge_1000
  • sd-wan
  • vedge_100wm
  • vedge_100m
  • catalyst_sd-wan_manager
  • sd-wan_vbond_orchestrator
  • vedge_100b
  • vedge_5000
  • sd-wan_vsmart_controller
  • sd-wan_vmanage
  • vedge_100
  • vedge_2000
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')