What is CVE-2022-20930?

CVE-2022-20930 is a medium-severity vulnerability in Cisco Catalyst_sd-wan_manager, classified under Argument Injection. CVSS score: 6.7/10. Published 2022-09-30.

How severe is CVE-2022-20930?

Medium severity. CVSS v3 base score is 6.7 out of 10.

RCE in Cisco Catalyst_sd-wan_manager

CVE-2022-20930

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could e…

EPSS: 0.002 (13.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Catalyst_sd-wan_manager — versions 20.8, 20.9
Cisco Sd-wan Vmanage — versions n/a
Cisco Sd-wan — versions 20.8, 20.9
Cisco Sd-wan_vbond_orchestrator — versions 20.8, 20.9
Cisco Sd-wan_vmanage
Cisco Sd-wan_vsmart_controller — versions 20.8, 20.9
Cisco Vedge_100
Cisco Vedge_1000
Cisco Vedge_100b
Cisco Vedge_100m

Weakness classification (CWE)

References

psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2022-20930?: CVE-2022-20930 is a medium-severity vulnerability in Cisco Catalyst_sd-wan_manager, classified under Argument Injection. CVSS score: 6.7/10. Published 2022-09-30.
How severe is CVE-2022-20930?: Medium severity. CVSS v3 base score is 6.7 out of 10.