CVE-2022-20818 HIGH

CVE-2022-20818: Cisco SD-WAN Software Privilege Escalation Vulnerabilities

Vendor Cisco
Product Cisco SD-WAN Solution
Weakness CWE-25
Published September 30, 2022
Last update February 26, 2026

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Key dates

02Disclosure timeline

September 30, 2022 CVE published
February 26, 2026 Record updated