← Volver a CVEs
CVE-2022-20818
HIGH7.8
Descripcion
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
Detalles CVE
Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado9/30/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
cisco:1100-4g_integrated_services_routercisco:1100-4p_integrated_services_routercisco:1100-6g_integrated_services_routercisco:1100-8p_integrated_services_routercisco:1100_integrated_services_routercisco:1101-4p_integrated_services_routercisco:1101_integrated_services_routercisco:1109-2p_integrated_services_routercisco:1109-4p_integrated_services_routercisco:1109_integrated_services_routercisco:1111x-8p_integrated_services_routercisco:1111x_integrated_services_routercisco:111x_integrated_services_routercisco:1120_integrated_services_routercisco:1131_integrated_services_routercisco:1160_integrated_services_routercisco:4000_integrated_services_routercisco:4221_integrated_services_routercisco:4321\/k9-rf_integrated_services_routercisco:4321\/k9-ws_integrated_services_routercisco:4321\/k9_integrated_services_routercisco:4321_integrated_services_routercisco:4331\/k9-rf_integrated_services_routercisco:4331\/k9-ws_integrated_services_routercisco:4331\/k9_integrated_services_routercisco:4331_integrated_services_routercisco:4351\/k9-rf_integrated_services_routercisco:4351\/k9-ws_integrated_services_routercisco:4351\/k9_integrated_services_routercisco:4351_integrated_services_routercisco:4431_integrated_services_routercisco:4451-x_integrated_services_routercisco:4451_integrated_services_routercisco:4461_integrated_services_routercisco:8101-32fhcisco:8101-32hcisco:8102-64hcisco:8201cisco:8201-32fhcisco:8202cisco:8804cisco:8808cisco:8812cisco:8818cisco:8831cisco:asr_1000cisco:asr_1000-xcisco:asr_1001cisco:asr_1001-hxcisco:asr_1001-hx_rcisco:asr_1001-xcisco:asr_1001-x_rcisco:asr_1002cisco:asr_1002-hxcisco:asr_1002-hx_rcisco:asr_1002-xcisco:asr_1002-x_rcisco:asr_1004cisco:asr_1006cisco:asr_1006-xcisco:asr_1009-xcisco:asr_1013cisco:asr_1023cisco:catalyst_8000v_edgecisco:catalyst_8200cisco:catalyst_8300cisco:catalyst_8300-1n1s-4t2xcisco:catalyst_8300-1n1s-6tcisco:catalyst_8300-2n2s-4t2xcisco:catalyst_8300-2n2s-6tcisco:catalyst_8500cisco:catalyst_8500-4qccisco:catalyst_8500lcisco:catalyst_8510csrcisco:catalyst_8510msrcisco:catalyst_8540csrcisco:catalyst_8540msrcisco:catalyst_cg418-ecisco:catalyst_cg522-ecisco:sd-wancisco:sd-wan_vbond_orchestratorcisco:sd-wan_vmanagecisco:sd-wan_vsmart_controller
Debilidades (CWE)
CWE-25CWE-22
Referencias
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.