CVE-2022-20930: Cisco SD-WAN Software Arbitrary File Corruption Vulnerability
First published: Fri Sep 30 2022(Updated: )
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Catalyst SD-WAN Manager | =20.8 | |
| Cisco Catalyst SD-WAN Manager | =20.9 | |
| Cisco vBond Orchestrator | <20.6.2 | |
| Cisco vBond Orchestrator | =20.8 | |
| Cisco vBond Orchestrator | =20.9 | |
| Cisco SD-WAN Solution Software | <20.6.2 | |
| Cisco vSmart Controller Firmware | <20.6.2 | |
| Cisco vSmart Controller Firmware | =20.8 | |
| Cisco vSmart Controller Firmware | =20.9 | |
| Cisco SD-WAN Solution | <20.6.2 | |
| Cisco SD-WAN Solution | =20.8 | |
| Cisco SD-WAN Solution | =20.9 | |
| Cisco vEdge 100 Router | ||
| Cisco vEdge 1000 Router | ||
| Cisco vEdge 100b Router | ||
| Cisco vEdge 100m router | ||
| Cisco vEdge 100wm router | ||
| Cisco vEdge 2000 router | ||
| Cisco vEdge-5000 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-20930.
What is the severity of CVE-2022-20930?
The severity of CVE-2022-20930 is medium with a CVSS score of 6.7.
How does CVE-2022-20930 occur?
CVE-2022-20930 occurs due to insufficient input validation in the CLI of Cisco SD-WAN Software.
Who can exploit CVE-2022-20930?
An authenticated local attacker can exploit CVE-2022-20930.
How can CVE-2022-20930 be fixed?
Apply the necessary updates provided by Cisco to fix CVE-2022-20930.
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/author
- vendor/cisco
- canonical/cisco catalyst sd-wan manager
- version/cisco catalyst sd-wan manager/20.8
- version/cisco catalyst sd-wan manager/20.9
- canonical/cisco vbond orchestrator
- version/cisco vbond orchestrator/20.8
- version/cisco vbond orchestrator/20.9
- canonical/cisco sd-wan solution software
- canonical/cisco vsmart controller firmware
- version/cisco vsmart controller firmware/20.8
- version/cisco vsmart controller firmware/20.9
- canonical/cisco sd-wan solution
- version/cisco sd-wan solution/20.8
- version/cisco sd-wan solution/20.9
- canonical/cisco vedge 100 router
- canonical/cisco vedge 1000 router
- canonical/cisco vedge 100b router
- canonical/cisco vedge 100m router
- canonical/cisco vedge 100wm router
- canonical/cisco vedge 2000 router
- canonical/cisco vedge-5000 firmware