CVE-2022-20844

CVE-2022-20844 · PUBLISHED · CVSS 5.3 MEDIUM

A vulnerability in the authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.

EPSS 0.53% · 67.8th percentile

Risk Scores

CVSS 3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.53% (67.8th percentile)

Affected Products

| Vendor | Product | Versions |
|--------|---------|----------|
| cisco | sd-wan | 20.4.1, 20.3.4.1, 20.3.4.2 |
| Cisco | Cisco SD-WAN vManage | n/a |

Timeline

  • Sep 30, 2022 CVE Published
  • Oct 1, 2022 EPSS Score
  • Nov 14, 2022 EPSS Score
  • Dec 29, 2022 EPSS Score
  • Feb 11, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 28, 2023 EPSS Score
  • May 11, 2023 EPSS Score
  • Jun 24, 2023 EPSS Score
  • Aug 8, 2023 EPSS Score
  • Sep 21, 2023 EPSS Score
  • Nov 4, 2023 EPSS Score