VDB

CISCO-SA-SDWAN-PRIVIESC-WCK7BMMT

CISCO-SA-SDWAN-PRIVIESC-WCK7BMMT PUBLISHED CVSS 7.8 HIGH

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of the root user on the underlying operating system. This vulnerability is due to insufficient input validation. An authenticated attacker with read-only privileges on the SD-WAN Manager system could exploit this vulnerability by sending a crafted request to the CLI of the SD-WAN Manager. A successful exploit could allow the attacker to gain root privileges on the underlying operating system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Risk Scores

CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor | Product | Versions
Cisco | Catalyst SD-WAN Manager |

Timeline

  • May 7, 2025 CVE Published
