CVE-2023-20098 (CNNVD-202305-762)
中文标题:
Cisco SD-WAN vManage 路径遍历漏洞
英文标题:
A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attac...
漏洞描述
中文描述:
Cisco SD-WAN vManage是美国思科(Cisco)公司的一个高度可定制的仪表板。可简化和自动化 Cisco SD-WAN 的部署、配置、管理和操作。 Cisco SD-WAN vManage 存在安全漏洞,该漏洞源于系统命令中的目录遍历字符序列过滤不当,攻击者利用该漏洞可能从系统中删除任意文件,包括root拥有的文件。
英文描述:
A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco SD-WAN vManage | 20.9.1 | - | - |
cpe:2.3:a:cisco:cisco_sd-wan_vmanage:20.9.1:*:*:*:*:*:*:*
|
| Cisco | Cisco SD-WAN vManage | 20.9.2 | - | - |
cpe:2.3:a:cisco:cisco_sd-wan_vmanage:20.9.2:*:*:*:*:*:*:*
|
| cisco | catalyst_sd-wan_manager | 20.11 | - | - |
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.11:*:*:*:*:*:*:*
|
| cisco | sd-wan_vmanage | * | - | - |
cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2023-20098 |
2025-11-11 15:21:47 | 2025-11-11 07:38:02 |
| NVD | nvd_CVE-2023-20098 |
2025-11-11 14:59:01 | 2025-11-11 07:46:12 |
| CNNVD | cnnvd_CNNVD-202305-762 |
2025-11-11 15:11:12 | 2025-11-11 07:57:59 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 路径遍历
- cnnvd_id: 未提取 -> CNNVD-202305-762
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 2 -> 4
- data_sources: ['cve'] -> ['cve', 'nvd']