CVE-2022-20716 HIGH

CVE-2022-20716: Cisco SD-WAN Solution Improper Access Control Vulnerability

Vendor Cisco

Product Cisco SD-WAN Solution

Weakness CWE-284

Published April 15, 2022

Last update November 6, 2024

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.

Key dates

02Disclosure timeline

April 15, 2022 CVE published

November 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-20716 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

CVE-2022-20716: Cisco SD-WAN Solution Improper Access Control Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE