CVE-2022-20850 - OpenCVE

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Vedge 2000 1100-4g Integrated Services Router 1100-6g Integrated Services Router Vedge 1000 Vedge 100b 1100 Integrated Services Router Ios Xe Sd-wan Sd-wan Vsmart Controller Sd-wan Vedge 100m Sd-wan Vbond Orchestrator Sd-wan Vmanage Vedge 5000 Vedge 100

Configuration 1 [-]

OR	cpe:2.3:a:cisco:sd-wan_vbond_orchestrator::::::::
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::
	cpe:2.3:a:cisco:sd-wan_vsmart_controller::::::::
	cpe:2.3:o:cisco:ios_xe_sd-wan::::::::

Configuration 2 [-]

AND

cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:vedge_100:-:::::::*
	cpe:2.3:h:cisco:vedge_1000:-:::::::*
	cpe:2.3:h:cisco:vedge_100b:-:::::::*
	cpe:2.3:h:cisco:vedge_100m:-:::::::*
	cpe:2.3:h:cisco:vedge_2000:-:::::::*
	cpe:2.3:h:cisco:vedge_5000:-:::::::*

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2022-09-28T00:00:00

Updated: 2022-09-30T18:46:05

Reserved: 2021-11-02T00:00:00

Link: CVE-2022-20850

JSON object: View

NVD Information

Status : Modified

Published: 2022-09-30T19:15:12.543

Modified: 2023-11-07T03:43:07.130

Link: CVE-2022-20850

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Cisco SD-WAN Solution ", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2022-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device."}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-30T18:46:05", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20220928 Cisco SD-WAN Arbitrary File Deletion Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv"}], "source": {"advisory": "cisco-sa-arb-file-delete-VB2rVcQv", "defect": [["CSCvm25943"]], "discovery": "INTERNAL"}, "title": "Cisco SD-WAN Arbitrary File Deletion Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-09-28T16:00:00", "ID": "CVE-2022-20850", "STATE": "PUBLIC", "TITLE": "Cisco SD-WAN Arbitrary File Deletion Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco SD-WAN Solution ", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device."}]}, "exploit": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "impact": {"cvss": {"baseScore": "5.5", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N ", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22"}]}]}, "references": {"reference_data": [{"name": "20220928 Cisco SD-WAN Arbitrary File Deletion Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv"}]}, "source": {"advisory": "cisco-sa-arb-file-delete-VB2rVcQv", "defect": [["CSCvm25943"]], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20850", "datePublished": "2022-09-28T00:00:00", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2022-09-30T18:46:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3970BA7-2CD6-4DC1-BEBC-03662C88DA94", "versionEndExcluding": "18.4.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A3197B1-2306-4B0B-96A2-52BB369EE79C", "versionEndExcluding": "18.4.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:sd-wan_vsmart_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "12016C30-65D9-4508-B138-0F612736CBF2", "versionEndExcluding": "18.4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe_sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "052AA171-9B26-4D76-ADA5-1984759AEFB6", "versionEndExcluding": "16.10.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:sd-wan:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A94AB84-87A9-47FB-B3CB-55282536B006", "versionEndExcluding": "18.4.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F77CD6A-83DA-4F31-A128-AD6DAECD623B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B68B363-3C57-4E95-8B13-0F9B59D551F7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "1952B64C-4AE0-4CCB-86C5-8D1FF6A12822", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vedge_100:-:*:*:*:*:*:*:*", "matchCriteriaId": "00AAB4DD-1C45-412F-84AA-C056A0BBFB9A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vedge_1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "F019975D-3A45-4522-9CB9-F4258C371DF6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vedge_100b:-:*:*:*:*:*:*:*", "matchCriteriaId": "0811E0B5-889E-451E-B754-A8FEE32BDFA2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vedge_100m:-:*:*:*:*:*:*:*", "matchCriteriaId": "36973815-F46D-4ADA-B9DF-BCB70AC60BD3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vedge_2000:-:*:*:*:*:*:*:*", "matchCriteriaId": "140AF13E-4463-478B-AA94-97406A80CB86", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:vedge_5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "1356861D-E6CA-4973-9597-629507E8C07E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la CLI del software Cisco IOS XE SD-WAN independiente y del software Cisco SD-WAN podr\u00eda permitir a un atacante local autenticado eliminar archivos arbitrarios del sistema de archivos de un dispositivo afectado. Esta vulnerabilidad es debido a una insuficiente comprobaci\u00f3n de entradas. Un atacante podr\u00eda explotar esta vulnerabilidad al inyectar informaci\u00f3n de ruta de archivos arbitraria cuando son usados comandos en la CLI de un dispositivo afectado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante eliminar archivos arbitrarios del sistema de archivos del dispositivo afectado"}], "id": "CVE-2022-20850", "lastModified": "2023-11-07T03:43:07.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2022-09-30T19:15:12.543", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}