First published: Fri Apr 15 2022
A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker could exploit this vulnerability by sending a crafted API request to Cisco vManage as a lower-privileged user and gaining access to sensitive information that they would not normally be authorized to access.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Catalyst SD-WAN Manager | =20.7 | |
Cisco SD-WAN vManage | <20.6.1 | |
The vulnerability ID of this Cisco SD-WAN vManage Software vulnerability is CVE-2022-20747.
The severity rating of CVE-2022-20747 is medium, with a CVSS score of 6.5.
The affected software for this vulnerability includes Cisco Catalyst SD-WAN Manager version 20.7 and Cisco SD-WAN vManage versions earlier than 20.6.1.
This vulnerability is caused by insufficient API authorization checking on the underlying operating system.
Cisco has released a security advisory with information on how to mitigate this vulnerability.