Severity
High
Analysis Summary
CVE-2022-20775 CVSS:7.8
Cisco SD-WAN Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access controls on commands within the application CLI. By running a specially crafted command on the application CLI, an attacker could exploit this vulnerability to execute arbitrary commands as the root user.
CVE-2022-20818 CVSS:7.8
Cisco SD-WAN Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access controls on commands within the application CLI. By running a specially crafted command on the application CLI, an attacker could exploit this vulnerability to execute arbitrary commands as the root user.
CVE-2022-20850 CVSS:5.5
Cisco SD-WAN Software could allow a local authenticated attacker to delete arbitrary files, caused by insufficient input validation in the CLI. By injecting arbitrary file path information when using commands in the CLI of an affected device, an attacker could exploit this vulnerability to delete arbitrary files from the file system of the affected device.
Impact
- Privilege Escalation
- File Manipulation
Indicators Of Compromise
CVE
- CVE-2022-20775
- CVE-2022-20818
- CVE-2022-20850
Affected Vendors
Cisco
Affected Products
- Cisco SD-WAN vManage software
- Cisco SD-WAN vEdge Cloud Routers
- Cisco SD-WAN vBond Orchestrator Software
- Cisco SD-WAN vEdge Routers
- Cisco SD-WAN vSmart Controller Software
- Cisco SD-WAN Software
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.
Cisco Security Advisory