Vulnerability Details : CVE-2022-20747
A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker could exploit this vulnerability by sending a crafted API request to Cisco vManage as a lower-privileged user and gaining access to sensitive information that they would not normally be authorized to access.
Products affected by CVE-2022-20747
- cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-20747
0.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 60 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-20747
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
Cisco Systems, Inc. | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2022-20747
-
When trying to keep information confidential, an attacker can often infer some of the information by using statistics.Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2022-20747
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-infodis-73sHJNEq
Cisco SD-WAN vManage Software Information Disclosure VulnerabilityVendor Advisory
Jump to