A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files.
This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2023-05-09T13:12:22.765Z
Updated: 2024-08-02T08:57:35.560Z
Reserved: 2022-10-27T18:47:50.338Z
Link: CVE-2023-20098
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-05-09T18:15:11.760
Modified: 2024-11-21T07:40:32.920
Link: CVE-2023-20098
Redhat
No data.