First published: Sun Jan 26 2020(Updated: )
A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Sd-wan Firmware | =18.4.1 | |
Cisco Sd-wan Firmware | =19.1.0 | |
Cisco Vedge-100 | ||
Cisco Vedge-1000 | ||
Cisco Vedge-100b | ||
Cisco Vedge-2000 | ||
Cisco Vedge-5000 | ||
Cisco Vedge 100m | ||
Cisco Vedge 100wm |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-3115 is a vulnerability in the CLI of the Cisco SD-WAN Solution vManage software that allows an authenticated, local attacker to elevate privileges to root-level on the underlying operating system.
CVE-2020-3115 allows an attacker to gain root-level privileges on the operating system of the affected Cisco SD-WAN Solution vManage software.
CVE-2020-3115 has a severity score of 8.8 (high severity).
Versions 18.4.1 and 19.1.0 of Cisco SD-WAN Firmware are affected by CVE-2020-3115.
Cisco has released software updates to address CVE-2020-3115. It is recommended to update to the latest available version of the affected software.