CVE-2022-20850

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:sd-wan_vbond_orchestrator::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vsmart_controller::::::::
	cpe:2.3:o:cisco:ios_xe_sd-wan::::::::

Configuration 2 (hide)

AND

cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:vedge_100:-:::::::*
	cpe:2.3:h:cisco:vedge_1000:-:::::::*
	cpe:2.3:h:cisco:vedge_100b:-:::::::*
	cpe:2.3:h:cisco:vedge_100m:-:::::::*
	cpe:2.3:h:cisco:vedge_2000:-:::::::*
	cpe:2.3:h:cisco:vedge_5000:-:::::::*

History

22 May 2023, 18:57

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-09-30 19:15

Updated : 2024-02-04 22:51

NVD link : CVE-2022-20850

Mitre link : CVE-2022-20850

CVE.ORG link : CVE-2022-20850

JSON object : View

Products Affected

cisco

vedge_1000
vedge_2000
vedge_100b
vedge_100m
sd-wan_vmanage
1100_integrated_services_router
vedge_5000
1100-6g_integrated_services_router
sd-wan_vsmart_controller
vedge_100
ios_xe_sd-wan
sd-wan_vbond_orchestrator
sd-wan
1100-4g_integrated_services_router

CWE

CWE-20

Improper Input Validation

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2022-20850", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-09-30T19:15:12.543", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la CLI del software Cisco IOS XE SD-WAN independiente y del software Cisco SD-WAN podr\u00eda permitir a un atacante local autenticado eliminar archivos arbitrarios del sistema de archivos de un dispositivo afectado. Esta vulnerabilidad es debido a una insuficiente comprobaci\u00f3n de entradas. Un atacante podr\u00eda explotar esta vulnerabilidad al inyectar informaci\u00f3n de ruta de archivos arbitraria cuando son usados comandos en la CLI de un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante eliminar archivos arbitrarios del sistema de archivos del dispositivo afectado"}], "lastModified": "2023-11-07T03:43:07.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3970BA7-2CD6-4DC1-BEBC-03662C88DA94", "versionEndExcluding": "18.4.5"}, {"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A3197B1-2306-4B0B-96A2-52BB369EE79C", "versionEndExcluding": "18.4.5"}, {"criteria": "cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12016C30-65D9-4508-B138-0F612736CBF2", "versionEndExcluding": "18.4.5"}, {"criteria": "cpe:2.3:o:cisco:ios_xe_sd-wan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "052AA171-9B26-4D76-ADA5-1984759AEFB6", "versionEndExcluding": "16.10.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A94AB84-87A9-47FB-B3CB-55282536B006", "versionEndExcluding": "18.4.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0F77CD6A-83DA-4F31-A128-AD6DAECD623B"}, {"criteria": "cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2B68B363-3C57-4E95-8B13-0F9B59D551F7"}, {"criteria": "cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1952B64C-4AE0-4CCB-86C5-8D1FF6A12822"}, {"criteria": "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "00AAB4DD-1C45-412F-84AA-C056A0BBFB9A"}, {"criteria": "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F019975D-3A45-4522-9CB9-F4258C371DF6"}, {"criteria": "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0811E0B5-889E-451E-B754-A8FEE32BDFA2"}, {"criteria": "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36973815-F46D-4ADA-B9DF-BCB70AC60BD3"}, {"criteria": "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "140AF13E-4463-478B-AA94-97406A80CB86"}, {"criteria": "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1356861D-E6CA-4973-9597-629507E8C07E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}