Description
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the contents of arbitrary files that reside on the underlying host file system.
References (1)
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfile-7Qhd9mCn
Scores
CVSS v3: 6.0
EPSS: 0.0006
EPSS Percentile: 18.0%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-552
Status: published
Products (13)
cisco/catalyst_sd-wan_manager
19.2 - 19.2.3
cisco/sd-wan_vbond_orchestrator
cisco/sd-wan_vmanage
< 18.4.6
cisco/vedge-100b_firmware
cisco/vedge_1000_firmware
cisco/vedge_100_firmware
cisco/vedge_100b_firmware
cisco/vedge_100m_firmware
cisco/vedge_100wm_firmware
cisco/vedge_2000_firmware
... and 3 more
Published: May 06, 2021
Tracked Since: Feb 18, 2026