Cisco has assigned a Common Vulnerability Scoring System (CVSS) base score of 5.4 to this issue.
Cisco has assigned a severity rating of High to these issues.
Cisco has assigned a version number to this advisory of CVSS-3.0: CRITICAL. These issues could allow an attacker to gain elevated privileges on the affected device. Cisco recommends upgrading to the most current versions of Cisco SD-WAN Software immediately. All of the vulnerabilities described in this advisory have been assigned the following CVSS v3 metrics: Access Vector Access Complexity Authentication Confidentiality Impact Complete Confidentiality Impact. These issues could allow an attacker to gain elevated privileges on the affected device. Cisco recommends upgrading to the most current versions of Cisco SD-WAN Software immediately. All of the vulnerabilities described in this advisory have been assigned the following CVSS v3 metrics: Access Vector Access Complexity Authentication Confidentiality Impact Complete Confidentiality Impact. Cisco has released software updates. Cisco recommends that users discontinue use of Cisco SD-WAN Software and Cisco ASA Software versions prior to 12.0.4.0.
Summary
Cisco has released software updates to address a number of vulnerabilities. The vulnerabilities could allow an attacker to gain elevated privileges on the affected device.
Vulnerable Software and versions
Cisco has released software updates. Cisco recommends that users discontinue use of Cisco SD-WAN Software and Cisco ASA Software versions prior to 12.0.4.0.
Affected Products and Releases
Cisco SD-WAN Software versions prior to 12.0.4.0 are affected by this vulnerability. Cisco ASA Software versions prior to 12.0 are affected by this vulnerability.
Timeline
Published on: 09/30/2022 19:15:00 UTC
Last modified on: 10/04/2022 19:24:00 UTC