Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco SD-WAN Arbitrary File Deletion Vulnerability

cisco-sa-arb-file-delete-VB2rVcQv · Medium · Published · Updated

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2022-20850
Cisco Bug IDs: CSCvm25943
CVSS Score: Base 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco SD-WAN Solution, Cisco SD-WAN vManage, Cisco IOS XE SD-WAN Software, Cisco IOS XE SD-WAN Software 16.9.1, Cisco IOS XE SD-WAN Software 16.9.2, Cisco IOS XE SD-WAN Software 16.9.3, Cisco IOS XE SD-WAN Software 16.9.4, Cisco Catalyst SD-WAN, Cisco Catalyst SD-WAN Manager, Cisco IOS XE Catalyst SD-WAN

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco IOS | CVE-2022-20850 | Cisco OpenVuln |
| Cisco Integrated Services Virtual Router | CVE-2022-20850 | Cisco OpenVuln |
| Cisco 4000 Series Integrated Services Routers | CVE-2022-20850 | Cisco OpenVuln |
| Cisco 1000 Series Integrated Services Routers | CVE-2022-20850 | Cisco OpenVuln |
| Cisco IOS XE Catalyst SD-WAN | CVE-2022-20850 | Cisco OpenVuln |
| Cisco Catalyst SD-WAN Manager | CVE-2022-20850 | Cisco OpenVuln |
| Cisco Catalyst SD-WAN | CVE-2022-20850 | Cisco OpenVuln |
| Cisco ASR 1000 Series Aggregation Services Routers | CVE-2022-20850 | Cisco OpenVuln |
| Cisco Catalyst 9600 Series Switches | CVE-2022-20850 | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9500 Series Switches | CVE-2022-20850 | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9400 Series Switches | CVE-2022-20850 | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9200 Series Switches | CVE-2022-20850 | Cisco OpenVuln · software-dependent |
| Cisco Catalyst 9300 Series Switches | CVE-2022-20850 | Cisco OpenVuln · software-dependent |