CVE-2022-20818

HIGH

Cisco SD-WAN vBond Orchestrator < 20.9 - Path Traversal

Title source: rule

Description

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Exploits (1)

nomisec WRITEUP
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2022-20818

Scores

CVSS v3 7.8
EPSS 0.0052
EPSS Percentile 66.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-22 CWE-25
Status published
Products (4)
cisco/sd-wan < 20.9
cisco/sd-wan_vbond_orchestrator < 20.9
cisco/sd-wan_vmanage < 20.9
cisco/sd-wan_vsmart_controller < 20.9
Published Sep 30, 2022
Tracked Since Feb 18, 2026