Cisco Security Advisory - Cisco SD-WAN vManage Software Arbitrary File Deletion Vulnerability

[Netwörkheäd]

Cisco SD-WAN vManage Software Arbitrary File Deletion Vulnerability

A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files.

This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-wfnqmYhN

     
         
Security Impact Rating:  Medium
   
   
       
CVE: CVE-2023-20098
Source: Cisco SD-WAN vManage Software Arbitrary File Deletion Vulnerability