Description
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.
References (1)
Vendor Advisory (vendor-advisory, x_refsource_cisco): https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-file-access-VW36d28P
Scores
CVSS v3: 7.8
EPSS: 0.0013
EPSS Percentile: 31.7%
Attack Vector: LOCAL (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-284
Status: published
Products (7)
cisco/catalyst_sd-wan_manager
cisco/sd-wan
18.4 - 20.6.1
cisco/sd-wan_solution
cisco/sd-wan_vbond_orchestrator
cisco/sd-wan_vedge_cloud
cisco/sd-wan_vedge_router
cisco/sd-wan_vsmart_controller_software
Published: Apr 15, 2022
Tracked Since: Feb 18, 2026