First published: Tue May 09 2023
A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Catalyst SD-WAN Manager | =20.11 | |
Cisco SD-WAN vManage | <20.9.1 | |
The vulnerability ID for this issue is CVE-2023-20098.
The severity of CVE-2023-20098 is medium with a severity score of 6.
The affected software includes Cisco Catalyst SD-WAN Manager version 20.11 and Cisco SD-WAN vManage versions earlier than 20.9.1.
This vulnerability occurs due to improper filtering of directory traversal character sequences within system commands in the CLI of Cisco SDWAN vManage Software.
The potential impact of this vulnerability is that an authenticated, local attacker with administrative privileges could delete arbitrary files.