CVE-2023-20098

A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root.

CVSS v3 6.0 MEDIUM

6.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-wfnqmYhN	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.11:::::::*
	cpe:2.3:a:cisco:sd-wan_vmanage::::::::

History

No history.

Information

Published : 2023-05-09 18:15

Updated : 2024-01-25 17:15

NVD link : CVE-2023-20098

Mitre link : CVE-2023-20098

CVE.ORG link : CVE-2023-20098

JSON object : View

Products Affected

cisco

catalyst_sd-wan_manager
sd-wan_vmanage

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-24

Path Traversal: '../filedir'

{"id": "CVE-2023-20098", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.8}]}, "published": "2023-05-09T18:15:11.760", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-wfnqmYhN", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-24"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files.\r\n\r This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root."}], "lastModified": "2024-01-25T17:15:29.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6F54BE3-6E7A-4142-B3EB-16036F7E2B5E"}, {"criteria": "cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B412E61-DA38-4890-ABF8-0875F5D0797D", "versionEndExcluding": "20.9.1"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}