Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-20739 |
CWE-ID | CWE-269 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Cisco SD-WAN vManage Other software / Other software solutions |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU62344
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-20739
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to a file leveraged by a root user is executed when a low-privileged user runs specific commands. A local user can inject arbitrary commands to a specific file, then wait until an admin user executes specific commands and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco SD-WAN vManage: 18.3 - 20.7
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.