CVE-2022-20850

Name of the Vulnerable Software and Affected Versions Cisco IOS XE SD-WAN Software (affected versions not specified) Cisco SD-WAN Software (affected versions not specified)

Description A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This issue is due to insufficient input validation, which could be exploited by injecting arbitrary file path information when using commands in the CLI. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.

Recommendations For Cisco IOS XE SD-WAN Software, ensure proper input validation for CLI commands to prevent arbitrary file deletion. For Cisco SD-WAN Software, restrict access to the CLI to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.