Cisco SD-WAN Solution Improper Access Control Vulnerability
CVE-2022-20716

7.8HIGH

Key Information:

Vendor: Cisco
Status: Cisco Sd-wan Solution
Vendor: CVE Published:; 15 April 2022

Badges

👾 Exploit Exists

Summary

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.

Affected Version(s)

Cisco SD-WAN Solution

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Apr 15, 2022
Vulnerability Reserved
Nov 2, 2021