CVE-2022-20818

Published: 30/09/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local malicious user to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the malicious user to execute arbitrary commands as the root user.

Vulnerable Product

cisco sd-wan vbond orchestrator

cisco sd-wan vmanage

cisco sd-wan vsmart controller

cisco sd-wan

Vendor Advisories

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful e ...

Github Repositories

CVE-2022-20818: Local Privilege Escalation via Partial File Read in Cisco SD-WAN

The “config -> load” feature from Viptela SSH shell uses “wget” to fetch remote “command” files over FTP. By hosting a malicious FTP server and replacing the local files created by wget with symlinks, an attacker can abuse the “root” privileges