7.8

CVE-2022-20775

Warnung
Medienbericht
Exploit
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges.

This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoCatalyst Sd-wan Manager Version < 20.6.3
CiscoCatalyst Sd-wan Manager Version >= 20.7 < 20.7.2
CiscoCatalyst Sd-wan Manager Version20.8
CiscoSd-wan Vbond Orchestrator Version < 20.6.3
CiscoSd-wan Vbond Orchestrator Version >= 20.7 < 20.7.2
CiscoSd-wan Vedge Cloud Version < 20.6.3
CiscoSd-wan Vedge Cloud Version >= 20.7 < 20.7.2
CiscoSd-wan Vedge Cloud Version20.8
CiscoSd-wan Vsmart Controller Version < 20.6.3
CiscoSd-wan Vsmart Controller Version >= 20.7 < 20.7.2
CiscoSd-wan Version < 20.6.3
   CiscoCatalyst 8000v Edge Version-
   CiscoCatalyst Cg418-e Version-
   CiscoCatalyst Cg522-e Version-
   Cisco1100-4g Integrated Services Router Version-
   Cisco1100-4p Integrated Services Router Version-
   Cisco1100-6g Integrated Services Router Version-
   Cisco1100-8p Integrated Services Router Version-
   Cisco1100 Integrated Services Router Version-
   Cisco1101-4p Integrated Services Router Version-
   Cisco1101 Integrated Services Router Version-
   Cisco1109-2p Integrated Services Router Version-
   Cisco1109-4p Integrated Services Router Version-
   Cisco1109 Integrated Services Router Version-
   Cisco1111x-8p Integrated Services Router Version-
   Cisco1111x Integrated Services Router Version-
   Cisco111x Integrated Services Router Version-
   Cisco1120 Integrated Services Router Version-
   Cisco1131 Integrated Services Router Version-
   Cisco1160 Integrated Services Router Version-
   Cisco4000 Integrated Services Router Version-
   Cisco4221 Integrated Services Router Version-
   Cisco4321 Integrated Services Router Version-
   Cisco4331 Integrated Services Router Version-
   Cisco4351 Integrated Services Router Version-
   Cisco4431 Integrated Services Router Version-
   Cisco4451-x Integrated Services Router Version-
   Cisco4451 Integrated Services Router Version-
   Cisco4461 Integrated Services Router Version-
   Cisco8101-32fh Version-
   Cisco8101-32h Version-
   Cisco8102-64h Version-
   Cisco8201 Version-
   Cisco8201-32fh Version-
   Cisco8202 Version-
   Cisco8804 Version-
   Cisco8808 Version-
   Cisco8812 Version-
   Cisco8818 Version-
   Cisco8831 Version-
   CiscoAsr 1000 Version-
   CiscoAsr 1000-x Version-
   CiscoAsr 1001 Version-
   CiscoAsr 1001-hx Version-
   CiscoAsr 1001-hx R Version-
   CiscoAsr 1001-x Version-
   CiscoAsr 1001-x R Version-
   CiscoAsr 1002 Version-
   CiscoAsr 1002-hx Version-
   CiscoAsr 1002-hx R Version-
   CiscoAsr 1002-x Version-
   CiscoAsr 1002-x R Version-
   CiscoAsr 1004 Version-
   CiscoAsr 1006 Version-
   CiscoAsr 1006-x Version-
   CiscoAsr 1009-x Version-
   CiscoAsr 1013 Version-
   CiscoAsr 1023 Version-
   CiscoCatalyst 8200 Version-
   CiscoCatalyst 8300 Version-
   CiscoCatalyst 8300-1n1s-4t2x Version-
   CiscoCatalyst 8300-1n1s-6t Version-
   CiscoCatalyst 8300-2n2s-4t2x Version-
   CiscoCatalyst 8300-2n2s-6t Version-
   CiscoCatalyst 8500 Version-
   CiscoCatalyst 8500-4qc Version-
   CiscoCatalyst 8500l Version-
   CiscoCatalyst 8510csr Version-
   CiscoCatalyst 8510msr Version-
   CiscoCatalyst 8540csr Version-
   CiscoCatalyst 8540msr Version-
CiscoSd-wan Version >= 20.7 < 20.7.2
   CiscoCatalyst 8000v Edge Version-
   CiscoCatalyst Cg418-e Version-
   CiscoCatalyst Cg522-e Version-
   Cisco1100-4g Integrated Services Router Version-
   Cisco1100-4p Integrated Services Router Version-
   Cisco1100-6g Integrated Services Router Version-
   Cisco1100-8p Integrated Services Router Version-
   Cisco1100 Integrated Services Router Version-
   Cisco1101-4p Integrated Services Router Version-
   Cisco1101 Integrated Services Router Version-
   Cisco1109-2p Integrated Services Router Version-
   Cisco1109-4p Integrated Services Router Version-
   Cisco1109 Integrated Services Router Version-
   Cisco1111x-8p Integrated Services Router Version-
   Cisco1111x Integrated Services Router Version-
   Cisco111x Integrated Services Router Version-
   Cisco1120 Integrated Services Router Version-
   Cisco1131 Integrated Services Router Version-
   Cisco1160 Integrated Services Router Version-
   Cisco4000 Integrated Services Router Version-
   Cisco4221 Integrated Services Router Version-
   Cisco4321 Integrated Services Router Version-
   Cisco4331 Integrated Services Router Version-
   Cisco4351 Integrated Services Router Version-
   Cisco4431 Integrated Services Router Version-
   Cisco4451-x Integrated Services Router Version-
   Cisco4451 Integrated Services Router Version-
   Cisco4461 Integrated Services Router Version-
   Cisco8101-32fh Version-
   Cisco8101-32h Version-
   Cisco8102-64h Version-
   Cisco8201 Version-
   Cisco8201-32fh Version-
   Cisco8202 Version-
   Cisco8804 Version-
   Cisco8808 Version-
   Cisco8812 Version-
   Cisco8818 Version-
   Cisco8831 Version-
   CiscoAsr 1000 Version-
   CiscoAsr 1000-x Version-
   CiscoAsr 1001 Version-
   CiscoAsr 1001-hx Version-
   CiscoAsr 1001-hx R Version-
   CiscoAsr 1001-x Version-
   CiscoAsr 1001-x R Version-
   CiscoAsr 1002 Version-
   CiscoAsr 1002-hx Version-
   CiscoAsr 1002-hx R Version-
   CiscoAsr 1002-x Version-
   CiscoAsr 1002-x R Version-
   CiscoAsr 1004 Version-
   CiscoAsr 1006 Version-
   CiscoAsr 1006-x Version-
   CiscoAsr 1009-x Version-
   CiscoAsr 1013 Version-
   CiscoAsr 1023 Version-
   CiscoCatalyst 8200 Version-
   CiscoCatalyst 8300 Version-
   CiscoCatalyst 8300-1n1s-4t2x Version-
   CiscoCatalyst 8300-1n1s-6t Version-
   CiscoCatalyst 8300-2n2s-4t2x Version-
   CiscoCatalyst 8300-2n2s-6t Version-
   CiscoCatalyst 8500 Version-
   CiscoCatalyst 8500-4qc Version-
   CiscoCatalyst 8500l Version-
   CiscoCatalyst 8510csr Version-
   CiscoCatalyst 8510msr Version-
   CiscoCatalyst 8540csr Version-
   CiscoCatalyst 8540msr Version-
CiscoSd-wan Version20.8
   CiscoCatalyst 8000v Edge Version-
   CiscoCatalyst Cg418-e Version-
   CiscoCatalyst Cg522-e Version-
   Cisco1100-4g Integrated Services Router Version-
   Cisco1100-4p Integrated Services Router Version-
   Cisco1100-6g Integrated Services Router Version-
   Cisco1100-8p Integrated Services Router Version-
   Cisco1100 Integrated Services Router Version-
   Cisco1101-4p Integrated Services Router Version-
   Cisco1101 Integrated Services Router Version-
   Cisco1109-2p Integrated Services Router Version-
   Cisco1109-4p Integrated Services Router Version-
   Cisco1109 Integrated Services Router Version-
   Cisco1111x-8p Integrated Services Router Version-
   Cisco1111x Integrated Services Router Version-
   Cisco111x Integrated Services Router Version-
   Cisco1120 Integrated Services Router Version-
   Cisco1131 Integrated Services Router Version-
   Cisco1160 Integrated Services Router Version-
   Cisco4000 Integrated Services Router Version-
   Cisco4221 Integrated Services Router Version-
   Cisco4321 Integrated Services Router Version-
   Cisco4331 Integrated Services Router Version-
   Cisco4351 Integrated Services Router Version-
   Cisco4431 Integrated Services Router Version-
   Cisco4451-x Integrated Services Router Version-
   Cisco4451 Integrated Services Router Version-
   Cisco4461 Integrated Services Router Version-
   Cisco8101-32fh Version-
   Cisco8101-32h Version-
   Cisco8102-64h Version-
   Cisco8201 Version-
   Cisco8201-32fh Version-
   Cisco8202 Version-
   Cisco8804 Version-
   Cisco8808 Version-
   Cisco8812 Version-
   Cisco8818 Version-
   Cisco8831 Version-
   CiscoAsr 1000 Version-
   CiscoAsr 1000-x Version-
   CiscoAsr 1001 Version-
   CiscoAsr 1001-hx Version-
   CiscoAsr 1001-hx R Version-
   CiscoAsr 1001-x Version-
   CiscoAsr 1001-x R Version-
   CiscoAsr 1002 Version-
   CiscoAsr 1002-hx Version-
   CiscoAsr 1002-hx R Version-
   CiscoAsr 1002-x Version-
   CiscoAsr 1002-x R Version-
   CiscoAsr 1004 Version-
   CiscoAsr 1006 Version-
   CiscoAsr 1006-x Version-
   CiscoAsr 1009-x Version-
   CiscoAsr 1013 Version-
   CiscoAsr 1023 Version-
   CiscoCatalyst 8200 Version-
   CiscoCatalyst 8300 Version-
   CiscoCatalyst 8300-1n1s-4t2x Version-
   CiscoCatalyst 8300-1n1s-6t Version-
   CiscoCatalyst 8300-2n2s-4t2x Version-
   CiscoCatalyst 8300-2n2s-6t Version-
   CiscoCatalyst 8500 Version-
   CiscoCatalyst 8500-4qc Version-
   CiscoCatalyst 8500l Version-
   CiscoCatalyst 8510csr Version-
   CiscoCatalyst 8510msr Version-
   CiscoCatalyst 8540csr Version-
   CiscoCatalyst 8540msr Version-

25.02.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Cisco SD-WAN Path Traversal Vulnerability

Schwachstelle

Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Beschreibung

Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.543
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@cisco.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-25 Path Traversal: '/../filedir'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that can resolve to a location that is outside of that directory.

https://cert.europa.eu/publications/security-advisories/2026-002/
CERT-EU
Security Advisory
12.03.2026 19:46