CVE-2022-20850: Cisco SD-WAN Arbitrary File Deletion Vulnerability
First published: Fri Sep 30 2022(Updated: )
A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Sd-wan Vbond Orchestrator | <18.4.5 | |
| Cisco SD-WAN vManage | <18.4.5 | |
| Cisco Sd-wan Vsmart Controller | <18.4.5 | |
| Cisco IOS XE SD-WAN | <16.10.1 | |
| Cisco SD-WAN | <18.4.5 | |
| Cisco 1100-4g Integrated Services Router | ||
| Cisco 1100-6g Integrated Services Router | ||
| Cisco 1100 Integrated Services Router | ||
| Cisco Vedge 100 | ||
| Cisco Vedge 1000 | ||
| Cisco Vedge 100b | ||
| Cisco Vedge 100m | ||
| Cisco Vedge 2000 | ||
| Cisco Vedge 5000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-20850?
CVE-2022-20850 is a vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software that could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device.
How can an attacker exploit CVE-2022-20850?
An attacker could exploit CVE-2022-20850 by leveraging insufficient input validation in order to delete arbitrary files from the file system of an affected device.
What is the severity of CVE-2022-20850?
CVE-2022-20850 has a severity rating of 7.1 (High).
Which software and devices are affected by CVE-2022-20850?
CVE-2022-20850 affects Cisco IOS XE SD-WAN Software, Cisco SD-WAN Software, Cisco SD-WAN vManage, Cisco SD-WAN vsmart Controller, and Cisco Sd-wan Vbond Orchestrator with specific versions.
How can I fix CVE-2022-20850?
To fix CVE-2022-20850, it is recommended to update to a version of the affected software that is not vulnerable and follow the guidance provided by Cisco.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/author
- agent/references
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/cisco
- canonical/cisco sd-wan vbond orchestrator
- canonical/cisco sd-wan vmanage
- canonical/cisco sd-wan vsmart controller
- canonical/cisco ios xe sd-wan
- canonical/cisco sd-wan
- canonical/cisco 1100-4g integrated services router
- canonical/cisco 1100-6g integrated services router
- canonical/cisco 1100 integrated services router
- canonical/cisco vedge 100
- canonical/cisco vedge 1000
- canonical/cisco vedge 100b
- canonical/cisco vedge 100m
- canonical/cisco vedge 2000
- canonical/cisco vedge 5000