CVE-2022-20818

HIGH

Cisco SD-WAN < 20.9 - Authenticated Privilege Escalation via CLI Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-20818. PoCs published by mbadanoiu.

AI-analyzed exploit summary This repository provides a detailed writeup and references for CVE-2022-20818, a local privilege escalation vulnerability in Cisco SD-WAN. The exploit involves abusing the 'config -> load' feature via symlink manipulation and FTP to read sensitive files, leading to root shell access.

Description

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Exploits (1)

nomisec WRITEUP

by mbadanoiu · poc

https://github.com/mbadanoiu/CVE-2022-20818

View Code ZIP pw:eip

This repository provides a detailed writeup and references for CVE-2022-20818, a local privilege escalation vulnerability in Cisco SD-WAN. The exploit involves abusing the 'config -> load' feature via symlink manipulation and FTP to read sensitive files, leading to root shell access.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Cisco SD-WAN (Viptela)

Auth required

Prerequisites: Access to Viptela shell via SSH or local system access · Ability to host a malicious FTP server

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1222 - File and Directory Permissions Modification

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF

Scores

CVSS v3 7.8

EPSS 0.0059

EPSS Percentile 43.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-22 CWE-25

Status published

Products (4)

cisco/sd-wan < 20.9

cisco/sd-wan_vbond_orchestrator < 20.9

cisco/sd-wan_vmanage < 20.9

cisco/sd-wan_vsmart_controller < 20.9

Published Sep 30, 2022

Tracked Since Feb 18, 2026