VDB
CVE-2022-20930
CVE-2022-20930
PUBLISHED
CVSS 6.699999809265137 MEDIUM
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.
EPSS 0.33% · 56.1th percentile
Risk Scores
CVSS 3.1
6.699999809265137
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.33%
56.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | sd-wan | 0, 20.8, 20.9 |
| cisco | catalyst_sd-wan_manager | 20.9, 20.8 |
| cisco | sd-wan_vsmart_controller | 20.8, 0, 20.9 |
| Cisco | Cisco SD-WAN vManage | n/a |
| cisco | sd-wan_vbond_orchestrator | 20.9, 0, 20.8 |
| cisco | sd-wan_vmanage | 0 |
Exploit Intelligence
Timeline
- Sep 28, 2022 CVE Published
- Oct 1, 2022 EPSS Score
- Nov 14, 2022 EPSS Score
- Dec 29, 2022 EPSS Score
- Feb 11, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 28, 2023 EPSS Score
- May 11, 2023 EPSS Score
- Jun 24, 2023 EPSS Score
- Aug 8, 2023 EPSS Score
- Sep 21, 2023 EPSS Score
- Nov 4, 2023 EPSS Score