Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-20716— Cisco SD-WAN Solution Improper Access Control Vulnerability

CVSS 7.8 · High EPSS 0.13% · P32
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-20716

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Cisco SD-WAN Solution Improper Access Control Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco SD-WAN 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco SD-WAN是美国思科(Cisco)公司的一种高度安全的云规模架构,具有开放性、可编程性和可扩展性。 Cisco SD-WAN存在安全漏洞,该漏洞源于攻击者可以通过 CLI 绕过 Cisco SD-WAN 解决方案的限制,以提升其权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
CiscoCisco SD-WAN Solution n/a -

II. Public POCs for CVE-2022-20716

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-20716

登录查看更多情报信息。

Same Patch Batch · Cisco · 2022-04-15 · 34 CVEs total

CVE-2022-2069510.0 CRITICALCisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability
CVE-2022-206228.6 HIGHCisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service
CVE-2022-207148.6 HIGHCisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Ser
CVE-2022-206978.6 HIGHCisco IOS and IOS XE Software Web Services Denial of Service Vulnerability
CVE-2022-206788.6 HIGHCisco IOS XE Software AppNav-XE Denial of Service Vulnerability
CVE-2022-206828.6 HIGHCisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Se
CVE-2022-206838.6 HIGHCisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility
CVE-2022-206817.8 HIGHCisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wir
CVE-2022-206927.7 HIGHCisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability
CVE-2022-206847.4 HIGHCisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of
CVE-2022-207617.4 HIGHCisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service
CVE-2022-207397.3 HIGHCisco SD-WAN vManage Software Privilege Escalation Vulnerability
CVE-2022-206796.8 MEDIUMCisco IOS XE Software IPSec Denial of Service Vulnerability
CVE-2022-206946.8 MEDIUMCisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of
CVE-2022-207586.8 MEDIUMCisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability
CVE-2022-207476.5 MEDIUMCisco SD-WAN vManage Software Information Disclosure Vulnerability
CVE-2022-207356.5 MEDIUMCisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability
CVE-2022-207265.5 MEDIUMCisco IOx Application Hosting Environment Vulnerabilities
CVE-2022-207185.5 MEDIUMCisco IOx Application Hosting Environment Vulnerabilities
CVE-2022-207255.5 MEDIUMCisco IOx Application Hosting Environment Vulnerabilities

Showing top 20 of 34 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Cisco SD-WAN Solution
Same vendor: Cisco
Same weakness: CWE-284

V. Comments for CVE-2022-20716

No comments yet

Leave a comment