← Voltar para CVEs
CVE-2022-20818
HIGH7.8
Descricao
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
Detalhes CVE
Pontuacao CVSS v3.17.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado9/30/2022
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
cisco:1100-4g_integrated_services_routercisco:1100-4p_integrated_services_routercisco:1100-6g_integrated_services_routercisco:1100-8p_integrated_services_routercisco:1100_integrated_services_routercisco:1101-4p_integrated_services_routercisco:1101_integrated_services_routercisco:1109-2p_integrated_services_routercisco:1109-4p_integrated_services_routercisco:1109_integrated_services_routercisco:1111x-8p_integrated_services_routercisco:1111x_integrated_services_routercisco:111x_integrated_services_routercisco:1120_integrated_services_routercisco:1131_integrated_services_routercisco:1160_integrated_services_routercisco:4000_integrated_services_routercisco:4221_integrated_services_routercisco:4321\/k9-rf_integrated_services_routercisco:4321\/k9-ws_integrated_services_routercisco:4321\/k9_integrated_services_routercisco:4321_integrated_services_routercisco:4331\/k9-rf_integrated_services_routercisco:4331\/k9-ws_integrated_services_routercisco:4331\/k9_integrated_services_routercisco:4331_integrated_services_routercisco:4351\/k9-rf_integrated_services_routercisco:4351\/k9-ws_integrated_services_routercisco:4351\/k9_integrated_services_routercisco:4351_integrated_services_routercisco:4431_integrated_services_routercisco:4451-x_integrated_services_routercisco:4451_integrated_services_routercisco:4461_integrated_services_routercisco:8101-32fhcisco:8101-32hcisco:8102-64hcisco:8201cisco:8201-32fhcisco:8202cisco:8804cisco:8808cisco:8812cisco:8818cisco:8831cisco:asr_1000cisco:asr_1000-xcisco:asr_1001cisco:asr_1001-hxcisco:asr_1001-hx_rcisco:asr_1001-xcisco:asr_1001-x_rcisco:asr_1002cisco:asr_1002-hxcisco:asr_1002-hx_rcisco:asr_1002-xcisco:asr_1002-x_rcisco:asr_1004cisco:asr_1006cisco:asr_1006-xcisco:asr_1009-xcisco:asr_1013cisco:asr_1023cisco:catalyst_8000v_edgecisco:catalyst_8200cisco:catalyst_8300cisco:catalyst_8300-1n1s-4t2xcisco:catalyst_8300-1n1s-6tcisco:catalyst_8300-2n2s-4t2xcisco:catalyst_8300-2n2s-6tcisco:catalyst_8500cisco:catalyst_8500-4qccisco:catalyst_8500lcisco:catalyst_8510csrcisco:catalyst_8510msrcisco:catalyst_8540csrcisco:catalyst_8540msrcisco:catalyst_cg418-ecisco:catalyst_cg522-ecisco:sd-wancisco:sd-wan_vbond_orchestratorcisco:sd-wan_vmanagecisco:sd-wan_vsmart_controller
Fraquezas (CWE)
CWE-25CWE-22
Referencias
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.