Vulnslist

find the latest Cisco vulnerabilities

Cisco Software-Defined Application Visibility and Control on Cisco vManage Static Username and Password Vulnerability

cisco-sa-sdavc-ZA5fpXX2 · Medium · Published · Updated

A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdavc-ZA5fpXX2

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

However, as a mitigation for this vulnerability, customers who have enabled the SD-AVC component can ensure that access from northbound networks to TCP port 10502 is restricted.

While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEsCVE-2022-20844
Cisco Bug IDsCSCvz97362
CVSS ScoreBase 5.3
Base 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco SD-WAN vManage, Cisco Catalyst SD-WAN Manager

Related Products

Product CVE Evidence
Cisco SD-WAN vManage CVE-2022-20844 Cisco OpenVuln
Cisco Catalyst SD-WAN Manager CVE-2022-20844 Cisco OpenVuln
Cisco Catalyst SD-WAN CVE-2022-20844 Cisco OpenVuln