ID

VAR-202209-1914


CVE

CVE-2022-20775


TITLE

Path traversal vulnerability in multiple Cisco Systems products

Trust: 0.8

sources: JVNDB: JVNDB-2022-018187

DESCRIPTION

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF

Path traversal vulnerabilities exist in multiple Cisco Systems products, including Catalyst SD-WAN Manager, Cisco SD-WAN vBond Orchestrator and Cisco SD-WAN vSmart Controller. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

Trust: 1.8

sources: NVD: CVE-2022-20775 // JVNDB: JVNDB-2022-018187 // VULHUB: VHN-405328 // VULMON: CVE-2022-20775

AFFECTED PRODUCTS

vendor: cisco, model: catalyst sd-wan manager, scope: lt, version: 20.6.3

Trust: 1.0

vendor: cisco, model: sd-wan vbond orchestrator, scope: lt, version: 20.7.2

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: eq, version: 20.8

Trust: 1.0

vendor: cisco, model: sd-wan vedge cloud, scope: gte, version: 20.7

Trust: 1.0

vendor: cisco, model: sd-wan vedge cloud, scope: eq, version: 20.8

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: lt, version: 20.7.2

Trust: 1.0

vendor: cisco, model: sd-wan vedge cloud, scope: lt, version: 20.6.3

Trust: 1.0

vendor: cisco, model: sd-wan vedge cloud, scope: lt, version: 20.7.2

Trust: 1.0

vendor: cisco, model: sd-wan, scope: eq, version: 20.8

Trust: 1.0

vendor: cisco, model: sd-wan, scope: gte, version: 20.7

Trust: 1.0

vendor: cisco, model: sd-wan vsmart controller, scope: eq, version: 20.8

Trust: 1.0

vendor: cisco, model: sd-wan vsmart controller, scope: gte, version: 20.7

Trust: 1.0

vendor: cisco, model: sd-wan vbond orchestrator, scope: gte, version: 20.7

Trust: 1.0

vendor: cisco, model: sd-wan, scope: lt, version: 20.6.3

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: gte, version: 20.7

Trust: 1.0

vendor: cisco, model: sd-wan vbond orchestrator, scope: lt, version: 20.6.3

Trust: 1.0

vendor: cisco, model: sd-wan vsmart controller, scope: lt, version: 20.6.3

Trust: 1.0

vendor: cisco, model: sd-wan, scope: lt, version: 20.7.2

Trust: 1.0

vendor: cisco, model: sd-wan vsmart controller, scope: lt, version: 20.7.2

Trust: 1.0

vendor: cisco, model: sd-wan vbond orchestrator, scope: eq, version: 20.8

Trust: 1.0

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: 20.6 that's all 20.6.3

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: vsmart controller 20.8

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan vsmart controller, scope: eq, version: 20.6 that's all 20.6.3

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: vbond orchestrator 20.8

Trust: 0.8

vendor: Cisco Systems, model: catalyst sd-wan manager, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: 20.7 that's all 20.7.2

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: vbond orchestrator 20.6 that's all 20.6.3

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan vsmart controller, scope: eq, version: 20.7 that's all 20.7.2

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: vsmart controller 20.6 that's all 20.6.3

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: vbond orchestrator 20.7 that's all 20.7.2

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: 20.8

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan vsmart controller, scope: eq, version: 20.8

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan, scope: eq, version: vsmart controller 20.7 that's all 20.7.2

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan vbond orchestrator, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018187 // NVD: CVE-2022-20775

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2022-20775
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2022-20775
value: HIGH

Trust: 1.0

NVD: CVE-2022-20775
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202209-2884
value: HIGH

Trust: 0.6

psirt@cisco.com: CVE-2022-20775
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-20775
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNNVD: CNNVD-202209-2884 // JVNDB: JVNDB-2022-018187 // NVD: CVE-2022-20775 // NVD: CVE-2022-20775

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.1

problemtype: CWE-25

Trust: 1.0

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-405328 // JVNDB: JVNDB-2022-018187 // NVD: CVE-2022-20775

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202209-2884

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202209-2884

PATCH

title: cisco-sa-sd-wan-priv-E6e8tEdF, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF

Trust: 0.8

title: Cisco SD-WAN Repair measures for path traversal vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=209690

Trust: 0.6

title: Cisco: Cisco SD-WAN Software Privilege Escalation Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sd-wan-priv-E6e8tEdF

Trust: 0.1

sources: VULMON: CVE-2022-20775 // CNNVD: CNNVD-202209-2884 // JVNDB: JVNDB-2022-018187

EXTERNAL IDS

db: NVD, id: CVE-2022-20775

Trust: 3.4

db: JVNDB, id: JVNDB-2022-018187

Trust: 0.8

db: CNNVD, id: CNNVD-202209-2884

Trust: 0.6

db: VULHUB, id: VHN-405328

Trust: 0.1

db: VULMON, id: CVE-2022-20775

Trust: 0.1

sources: VULHUB: VHN-405328 // VULMON: CVE-2022-20775 // CNNVD: CNNVD-202209-2884 // JVNDB: JVNDB-2022-018187 // NVD: CVE-2022-20775

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-priv-e6e8tedf

Trust: 2.5

url:https://github.com/orangecertcc/security-research/security/advisories/ghsa-wmjv-552v-pxjc

Trust: 2.5

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sd-wan-priv-e6e8tedf

Trust: 1.0

url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2022-20775

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-20775

Trust: 0.8

url:https://vigilance.fr/vulnerability/cisco-sd-wan-software-privilege-escalation-via-cli-39397

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20775/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-405328 // VULMON: CVE-2022-20775 // CNNVD: CNNVD-202209-2884 // JVNDB: JVNDB-2022-018187 // NVD: CVE-2022-20775

SOURCES

db: VULHUB, id: VHN-405328
db: VULMON, id: CVE-2022-20775
db: CNNVD, id: CNNVD-202209-2884
db: JVNDB, id: JVNDB-2022-018187
db: NVD, id: CVE-2022-20775

LAST UPDATE DATE

2026-02-26T23:32:03.655000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405328, date: 2022-11-10T00:00:00
db: VULMON, id: CVE-2022-20775, date: 2022-09-30T00:00:00
db: CNNVD, id: CNNVD-202209-2884, date: 2022-10-12T00:00:00
db: JVNDB, id: JVNDB-2022-018187, date: 2023-10-19T02:10:00
db: NVD, id: CVE-2022-20775, date: 2026-02-26T16:20:09.420

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405328, date: 2022-09-30T00:00:00
db: VULMON, id: CVE-2022-20775, date: 2022-09-30T00:00:00
db: CNNVD, id: CNNVD-202209-2884, date: 2022-09-28T00:00:00
db: JVNDB, id: JVNDB-2022-018187, date: 2023-10-19T00:00:00
db: NVD, id: CVE-2022-20775, date: 2022-09-30T19:15:11.467