Vulnerability Monitor

CVE-2023-20098


A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root.


Published: 2023-05-09T18:15:11.760

Last Modified: 2024-11-21T07:40:32.920

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 4.4 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-24
  • Type: Primary
    CWE-22

Affected Vendors & Products
Type        | Vendor | Product                 | Version/Range | Vulnerable?
Application | cisco  | catalyst_sd-wan_manager | 20.11         | Yes
Application | cisco  | sd-wan_vmanage          | < 20.9.1      | Yes
