CVE-2022-20844

Published: Sep 30, 2022

Modified: Nov 1, 2024

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.

Vendor	Product	Versions
Cisco	Cisco SD-WAN vManage	affected `n/a`

Weaknesses (CWE)

CWE-798

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

20220928 Cisco Software-Defined Application Visibility and Control on Cisco vManage Static Username and Password Vulnerability

vendor-advisory

x_refsource_CISCO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-20844

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References