VDB
GSD-2022-20775
GSD-2022-20775
PUBLISHED
CVSS 7.800000190734863 HIGH
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Catalyst SD-WAN | 20.4.1.1, 17.3.2ESM2, 20.4.1 |
| Cisco | Cisco Catalyst SD-WAN Manager | 20.6.2.2, 20.3.4.2.1, 20.7.1.1 |
| Cisco | Cisco SD-WAN vContainer | 19.3.0, 20.1.12, 19.2.097 |
| Cisco | Cisco SD-WAN vEdge Router | 20.5.1, 17.2.6, 17.2.4 |
| Cisco | Cisco SD-WAN vEdge Cloud | 20.6.7, 20.6.8, 20.3.4 |
Timeline
- Sep 28, 2022 CVE Published
- Feb 25, 2026 PoC Published
- Feb 25, 2026 PoC Published
- Feb 25, 2026 PoC Published
- Feb 25, 2026 PoC Published
- Feb 25, 2026 PoC Published
- Feb 26, 2026 PoC Published
- Feb 26, 2026 PoC Published
- Feb 26, 2026 PoC Published
- Feb 26, 2026 PoC Published
- Feb 26, 2026 PoC Published
- Feb 26, 2026 PoC Published