Exploit
CVE-2022-20775

Path Traversal: '/../filedir' (CWE-25)

Published: Sep 28, 2022 / Updated: 26mo ago

CVSS 7.8 / EPSS 0.04% / High

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2022-20775.

Sep 28, 2022 at 4:13 PM / sec.cloudapps.cisco.com

EPSS

EPSS Score was set to: 0.04% (Percentile: 5.7%)

Sep 26, 2023 at 1:03 AM

Affected Systems

Cisco/sd-wan_vbond_orchestrator

Exploits

https://github.com/orangecertcc/security-research/security/advisories/GHSA-wmjv-552v-pxjc

Patches

cisco-sa-sd-wan-priv-E6e8tEdF

Links to MITRE ATT&CK

T1574.010: Services File Permissions Weakness

Attack Patterns

CAPEC-17: Using Malicious Files

Vendor Advisory

Cisco SD-WAN Software Privilege Escalation Vulnerabilities
These vulnerabilities affect the following Cisco products if they are running a vulnerable release of Cisco SD-WAN Software: Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges.

References

Cisco SD-WAN Software Privilege Escalation Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
Security Impact Rating: High
CVE: CVE-2022-20775, CVE-2022-20818
Vulnerability Summary for the Week of October 3, 2022
Original release date: October 11, 2022
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
actian -- psql | If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database. | 2022-09-30 | 8.8 | CVE-2022-40756 MISC MISC
apache -- airflow | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. | 2022-10-07 | 8.1 | CVE-2022-41672 CONFIRM CONFIRM
apache -- commons_jxpath | Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing a XPath string are vulnerable except compile() and compilePath() function. The XPath expression can be used by an attacker to load any Java class from the classpath resulting in code execution. | 2022-10-06 | 9.8 | CVE-2022-41852 MISC
arubanetworks -- instant | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x:

News

Critical Flaws Uncovered in Cisco SD-WAN Manager
CVE-2023-20252: This critical 9.8 CVSS-rated vulnerability allows unauthenticated remote code execution via improper authentication on Cisco SD-WAN Manager SAML APIs. Successful exploitation gives an attacker full system access. Cisco recently disclosed 5 critical vulnerabilities in their SD-WAN Manager product that could allow remote attackers to gain unauthorized access, rollback configurations, disclose sensitive information, and cause denial of service conditions if left unpatched.
Breaking Down the March 2023 Monthly PSIRT Advisory Report From Fortinet
The products affected by this list of 15 vulnerabilities may include FortiOS, FortiProxy, FortiAnalyzer, FortiWeb, FortiNAC, FortiRecorder, FortiManager, FortiMail, FortiPortal, FortiAuthenticator, FortiSwitch, FortiSOAR, FortiDeceptor, and FortiOS-6K7K.
Fortinet Product | Number of Occurrence
FortiOS | 5
FortiProxy | 4
FortiAnalyzer | 3
FortiWeb | 2
FortiNAC | 2
FortiRecorder | 2
FortiManager | 1
FortiMail | 1
FortiPortal | 1
FortiAuthenticator | 1
FortiSwitch | 1
FortiSOAR | 1
FortiDeceptor | 1
FortiOS-6K7K | 1
Breaking Down the Latest February 2023 Monthly PSIRT Advisory Report From Fortinet
The products affected by this list of 40 vulnerabilities may include FortiWeb, FortiOS, FortiNAC, FortiProxy, FortiAnalyzer, FortiADC, FortiSandbox, FortiPortal, FortiWAN, FortiAuthenticator, FortiSwitch, FortiExtender, and FortiSwitchManager. The two Critical vulnerabilities identified are CVE-2022-39952 and CVE-2021-42756. The first flaw is an External Control of File Name or Path in the keyUpload scriptlet in FortiNAC, and the second flaw is a Stack-based buffer overflow in Proxyd services in FortiWeb products.
Update Sat Dec 17 13:50:07 UTC 2022
Vigil@nce - Cisco SD-WAN Software: privilege escalation via CLI, analyzed on 28/09/2022
The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them. This vulnerability note impacts software or systems such as Cisco SD-WAN Software for vEdge.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
