Cisco SD-WAN Software Privilege Escalation Vulnerabilities
CVE-2022-20775

7.8HIGH

Key Information:

Vendor
Cisco
Status
Cisco Sd-wan Solution
Vendor
CVE Published:
30 September 2022

Badges

👾 Exploit Exists

Summary

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Affected Version(s)

Cisco SD-WAN Solution

References

https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisory
https://tools.cisco.com/security/center/content/CiscoSecu...
https://github.com/orangecertcc/security-research/securit...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.