VDB
CVE-2022-20716
CVE-2022-20716
PUBLISHED
CVSS 7.800000190734863 HIGH
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.
EPSS 0.13% · 31.8th percentile
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.13%
31.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | sd-wan_vedge_cloud | |
| cisco | sd-wan_solution | |
| cisco | catalyst_sd-wan_manager | |
| Cisco | Cisco SD-WAN Solution | n/a |
| cisco | sd-wan_vsmart_controller_software | |
| cisco | sd-wan_vedge_router | |
| cisco | sd-wan | 20.7, 18.4 |
| cisco | sd-wan_vbond_orchestrator |
Exploit Intelligence
Timeline
- Apr 13, 2022 CVE Published
- Apr 16, 2022 EPSS Score
- Jun 5, 2022 EPSS Score
- Jul 26, 2022 EPSS Score
- Sep 14, 2022 EPSS Score
- Nov 4, 2022 EPSS Score
- Dec 24, 2022 EPSS Score
- Feb 12, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 23, 2023 EPSS Score
- Jul 12, 2023 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-snmp-trap-dos-mjent3Ey advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-priv-esc-ybvHKO5 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ncossh-dos-ZAkfOdq8 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-fnf-dos-bOL5vLge advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdb-cmicr-vulns-KJjFtNb advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-vman-tEJFpBSL advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lsplus-Z6AQEOjk advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-capwap-mdns-6PSn7gKU advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-file-access-VW36d28P advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-ip-flood-dos-6hxxENVQ advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appnav-xe-dos-j5MXTR4 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-dos-svOdkdBS advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cgr1k-ap-dos-mSZR4QVh advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-20716 advisory