PT-2020-1929 · Cisco · Cisco SD-WAN Solution

Published: 2020-03-18 · Updated: 2023-05-23 · CVE-2020-3266

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco SD-WAN Solution software (affected versions not specified)

Description

The issue is related to insufficient input validation in the CLI of Cisco SD-WAN Solution software, allowing an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this, an attacker must first authenticate to the device and then submit crafted input to the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2020-01206
CVE-2020-3266

Affected Products

Cisco SD-WAN Solution