Directory Traversal Vulnerability in Cisco SDWAN vManage Software
CVE-2023-20098
6 MEDIUM
Summary
A flaw in the CLI of Cisco SDWAN vManage Software permits an authenticated, local attacker with administrative privileges to run system commands that contain directory traversal sequences. Because the CLI does not sufficiently filter those sequences, the attacker can delete arbitrary files, including files owned by the root user. This could lead to significant disruption and data loss on the affected system.
Affected Version(s)
Cisco SD-WAN vManage 20.9.1
Cisco SD-WAN vManage 20.9.2
CVSS V3.1
Score: 6
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved