CVE-2022-20850 An attacker can delete files on an affected device if they are logged in locally.

Cisco does not currently know of attacks that use this vulnerability. The Cisco PSIRT is currently investigating this issue. Cisco has assigned this vulnerability the ID CVE-2018-0197. Cisco has released software updates that address this vulnerability. The following table contains information about this vulnerability when discovered, as well as information about the release in which this software update was released. For more information about releases, see Cisco Software Releases. For information about upgrading to these releases, see Cisco upgrading Cisco IOS XE Software. VENDOR SUMMARY Cisco IOS XE Software

VENDOR SUMMARY Cisco SD-WAN Software

CVE ID Cisco SD-WAN Software, Cisco IOS XE Software

CVE ID CVE-2018-0197

Affected Software AFFECTED SOFTWARE Cisco SD-WAN Software Cisco SD-WAN Software is affected by this vulnerability if the following conditions are true: End-user devices running Cisco SD-WAN Software. Cisco IOS XE Software Cisco IOS XE Software is affected by this vulnerability if the following conditions are true: End-user devices running Cisco IOS XE Software.

Software versions

Cisco SD-WAN Software

Cisco SD-WAN Software is affected by this vulnerability if the following conditions are true: End-user devices running Cisco SD-WAN Software.
Software versions

Timeline

Published on: 09/30/2022 19:15:00 UTC
Last modified on: 10/05/2022 16:16:00 UTC

References

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-arb-file-delete-VB2rVcQv
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20850