目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

CVE-2022-20739— Cisco SD-WAN vManage Software 安全漏洞

CVSS 7.3 · High EPSS 0.12% · P30
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2022-20739の基本情報

脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
Cisco SD-WAN vManage Software Privilege Escalation Vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands to a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
特权管理不恰当
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Cisco SD-WAN vManage Software 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Cisco SD-WAN vManage Software是美国思科(Cisco)公司的一款用于SD-WAN(软件定义广域网络)解决方案的管理软件。 Cisco SD-WAN vManage Software 存在安全漏洞,该漏洞源于当低权限用户在受影响的系统上运行特定命令时会执行由 root 用户利用的文件。攻击者利用此漏洞可以通过将任意命令作为低权限用户注入特定文件,然后等待管理员用户执行特定命令。以下产品和版本受到影响:18.3 及之前版本、18.4、19.2、20.1、20.3、20.4、20.5
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
CiscoCisco SD-WAN vManage n/a -

II. CVE-2022-20739の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2022-20739のインテリジェンス情報

登录查看更多情报信息。

Same Patch Batch · Cisco · 2022-04-15 · 34 CVEs total

CVE-2022-2069510.0 CRITICALCisco Wireless LAN Controller Management Interface Authentication Bypass Vulnerability
CVE-2022-206228.6 HIGHCisco Embedded Wireless Controller with Catalyst Access Points IP Flood Denial of Service
CVE-2022-206788.6 HIGHCisco IOS XE Software AppNav-XE Denial of Service Vulnerability
CVE-2022-207148.6 HIGHCisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Ser
CVE-2022-206978.6 HIGHCisco IOS and IOS XE Software Web Services Denial of Service Vulnerability
CVE-2022-206828.6 HIGHCisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Se
CVE-2022-206838.6 HIGHCisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Application Visibility
CVE-2022-207167.8 HIGHCisco SD-WAN Solution Improper Access Control Vulnerability
CVE-2022-206817.8 HIGHCisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Catalyst 9000 Family Wir
CVE-2022-206927.7 HIGHCisco IOS XE Software NETCONF Over SSH Denial of Service Vulnerability
CVE-2022-206847.4 HIGHCisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of
CVE-2022-207617.4 HIGHCisco 1000 Series Connected Grid Router Integrated Wireless Access Point Denial of Service
CVE-2022-206946.8 MEDIUMCisco IOS XE Software Border Gateway Protocol Resource Public Key Infrastructure Denial of
CVE-2022-206796.8 MEDIUMCisco IOS XE Software IPSec Denial of Service Vulnerability
CVE-2022-207586.8 MEDIUMCisco IOS XR Software Border Gateway Protocol Ethernet VPN Denial of Service Vulnerability
CVE-2022-207476.5 MEDIUMCisco SD-WAN vManage Software Information Disclosure Vulnerability
CVE-2022-207356.5 MEDIUMCisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability
CVE-2022-207265.5 MEDIUMCisco IOx Application Hosting Environment Vulnerabilities
CVE-2022-206775.5 MEDIUMCisco IOx Application Hosting Environment Vulnerabilities
CVE-2022-207255.5 MEDIUMCisco IOx Application Hosting Environment Vulnerabilities

Showing 20 of 34 CVEs. View all on vendor page →

IV. 関連脆弱性

同じ製品: Cisco SD-WAN vManage
同じベンダー: Cisco
同じ弱点: CWE-269

V. CVE-2022-20739へのコメント

まだコメントはありません

コメントを残す