PT-2022-6015 · Cisco · Cisco SD-WAN vEdge Routers +5
Cyrille Chatras · Published 2022-09-28 · Updated 2026-04-03
CVE-2022-20775
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cisco SD-WAN Software (affected versions not specified)
Cisco SD-WAN vBond Orchestrator
Cisco SD-WAN vEdge Cloud Routers
Cisco SD-WAN vEdge Routers
Cisco SD-WAN vSmart Controller
Cisco SD-WAN vManage
Description
A flaw exists in the Command Line Interface (CLI) of Cisco SD-WAN Software that could allow an authenticated, local attacker to gain elevated privileges. This is due to insufficient access controls on commands within the application CLI. An attacker could exploit this by executing a malicious command on the CLI, potentially allowing them to execute arbitrary commands as the root user. The vulnerability involves incorrect restriction of the path name to an access-restricted directory.
Recommendations
Update to a newer version of Cisco SD-WAN Software that addresses this vulnerability.
Exploit
Fix
Path traversal
Affected Products
Cisco SD-WAN
Cisco SD-WAN vBond Orchestrator
Cisco SD-WAN vEdge Cloud Routers
Cisco SD-WAN vEdge Routers
Cisco SD-WAN vManage
Cisco SD-WAN vSmart Controller