CVE-2022-20775

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN Software (affected versions not specified) Cisco SD-WAN vBond Orchestrator Cisco SD-WAN vEdge Cloud Routers Cisco SD-WAN vEdge Routers Cisco SD-WAN vSmart Controller Cisco SD-WAN vManage

Description A flaw exists in the Command Line Interface (CLI) of Cisco SD-WAN Software that could allow an authenticated, local attacker to obtain elevated privileges. This is a result of insufficient access controls on commands within the application's CLI. An attacker could exploit this by executing a malicious command through the CLI, potentially enabling them to execute arbitrary commands as the root user. The vulnerability involves incorrect restriction of the path name to an access-limited directory, which could allow an attacker to create or overwrite critical files as the root user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.