CVE-2022-20775: Cisco SD-WAN Software Privilege Escalation Vulnerabilities
First published: Fri Sep 30 2022(Updated: )
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Catalyst SD-WAN Manager | >=20.6<20.6.3 | |
| Cisco Catalyst SD-WAN Manager | >=20.7<20.7.2 | |
| Cisco Catalyst SD-WAN Manager | =20.8 | |
| Cisco vBond Orchestrator | >=20.6<20.6.3 | |
| Cisco vBond Orchestrator | >=20.7<20.7.2 | |
| Cisco vBond Orchestrator | =20.8 | |
| Cisco vSmart Controller | >=20.6<20.6.3 | |
| Cisco vSmart Controller | >=20.7<20.7.2 | |
| Cisco vSmart Controller | =20.8 | |
| Cisco SD-WAN Solution | >=20.6<20.6.3 | |
| Cisco SD-WAN Solution | >=20.7<20.7.2 | |
| Cisco SD-WAN Solution | =20.8 | |
| Cisco Catalyst 8000V Edge | ||
| Cisco CG418-E | ||
| Cisco catalyst cg522-e | ||
| Cisco 1100-4g Integrated Services Router | ||
| Cisco 1100-4p Integrated Services Router | ||
| Cisco 1100-6g Integrated Services Router | ||
| Cisco 1100-8p Integrated Services Router | ||
| Cisco 1100 Series Integrated Services Router | ||
| Cisco 1101-4p Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1109-2p | ||
| Cisco 1109-4p Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 1111x-8p Integrated Services Router | ||
| Cisco 1111x Integrated Services Router | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 1120 Integrated Services Router | ||
| Cisco 1131 Integrated Services Router | ||
| Cisco 1160 Integrated Services Router | ||
| Cisco 4000 Series Integrated Services Routers | ||
| Cisco 4221 Integrated Services Router | ||
| Cisco 4321\/k9-rf Integrated Services Router | ||
| Cisco 4321\/k9-ws Integrated Services Router | ||
| Cisco 4321\/k9 Integrated Services Router | ||
| Cisco 4321 Integrated Services Router | ||
| Cisco 4331\/k9-rf Integrated Services Router | ||
| Cisco 4331\/k9-ws Integrated Services Router | ||
| Cisco 4331 Integrated Services Router | ||
| Cisco 4331 Integrated Services Router | ||
| Cisco 4351\/k9-rf Integrated Services Router | ||
| Cisco 4351\/k9-ws Integrated Services Router | ||
| Cisco 4351\/k9 Integrated Services Router | ||
| Cisco 4351 Integrated Services Router | ||
| Cisco 4431 Integrated Services Router | ||
| Cisco 4451-X Integrated Services Router | ||
| Cisco 4451-X Integrated Services Router | ||
| Cisco 4441 Integrated Services Router | ||
| Cisco 8101-32fh | ||
| Cisco 8101-32h | ||
| Cisco 8102-64h | ||
| Cisco 8201 | ||
| Cisco 8201-32fh | ||
| Cisco 8202 | ||
| Cisco 8804 | ||
| Cisco 8808 | ||
| Cisco 8812 | ||
| Cisco 8818 | ||
| Cisco 8831 Firmware | ||
| Cisco ASR 1000 Series | ||
| Cisco ASR 1000 series software | ||
| Cisco ASR 1001 | ||
| Cisco ASR 1001-HX | ||
| Cisco ASR 1001-HX-RF | ||
| Cisco ASR 1001-X | ||
| Cisco ASR 1001-X | ||
| Cisco ASR 1002 Fixed Router | ||
| Cisco ASR 1002-HX-RF | ||
| Cisco ASR 1002-HX | ||
| Cisco ASR 1002-X | ||
| Cisco ASR 1002-X | ||
| Cisco ASR 1004 | ||
| Cisco ASR 1006 | ||
| Cisco ASR 1006-X | ||
| Cisco ASR 1009-X | ||
| Cisco ASR 1013 | ||
| Cisco ASR 1023 Router | ||
| Cisco Catalyst 8200 | ||
| Cisco Catalyst 8300 | ||
| Cisco Catalyst 8300-1N1S-4T2X | ||
| Cisco Catalyst 8300 | ||
| Cisco Catalyst 8300-2N2S-4T2X | ||
| Cisco Catalyst 8300 | ||
| Cisco Catalyst 8500L Series Router | ||
| Cisco Catalyst 8500 | ||
| Cisco Catalyst 8500 | ||
| Cisco Catalyst 8510CSR | ||
| Cisco Catalyst 8510msr | ||
| Cisco Catalyst 8540CSR | ||
| Cisco Catalyst 8540MSR |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-20775?
CVE-2022-20775 has been rated as high severity due to its potential to allow authenticated local attackers to gain elevated privileges.
How do I fix CVE-2022-20775?
To fix CVE-2022-20775, apply the latest software updates provided by Cisco for the affected SD-WAN software versions.
Which Cisco products are affected by CVE-2022-20775?
CVE-2022-20775 affects Cisco Catalyst SD-WAN Manager, Cisco vBond Orchestrator, and Cisco vSmart Controller versions between 20.6 and 20.8.
What type of vulnerability is CVE-2022-20775?
CVE-2022-20775 is an access control vulnerability that allows local attackers to exploit the CLI of Cisco SD-WAN software.
What are the potential consequences of exploiting CVE-2022-20775?
Exploiting CVE-2022-20775 can lead to unauthorized command execution and privileged access for attackers within the system.
- agent/references
- agent/author
- agent/type
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/cisco
- canonical/cisco catalyst sd-wan manager
- version/cisco catalyst sd-wan manager/20.6
- version/cisco catalyst sd-wan manager/20.7
- version/cisco catalyst sd-wan manager/20.8
- canonical/cisco vbond orchestrator
- version/cisco vbond orchestrator/20.6
- version/cisco vbond orchestrator/20.7
- version/cisco vbond orchestrator/20.8
- canonical/cisco vsmart controller
- version/cisco vsmart controller/20.6
- version/cisco vsmart controller/20.7
- version/cisco vsmart controller/20.8
- canonical/cisco sd-wan solution
- version/cisco sd-wan solution/20.6
- version/cisco sd-wan solution/20.7
- version/cisco sd-wan solution/20.8
- canonical/cisco catalyst 8000v edge
- canonical/cisco cg418-e
- canonical/cisco catalyst cg522-e
- canonical/cisco 1100-4g integrated services router
- canonical/cisco 1100-4p integrated services router
- canonical/cisco 1100-6g integrated services router
- canonical/cisco 1100-8p integrated services router
- canonical/cisco 1100 series integrated services router
- canonical/cisco 1101-4p integrated services router
- canonical/cisco 1101 integrated services router
- canonical/cisco 1109-2p
- canonical/cisco 1109-4p integrated services router
- canonical/cisco 1109 integrated services router
- canonical/cisco 1111x-8p integrated services router
- canonical/cisco 1111x integrated services router
- canonical/cisco 111x integrated services router
- canonical/cisco 1120 integrated services router
- canonical/cisco 1131 integrated services router
- canonical/cisco 1160 integrated services router
- canonical/cisco 4000 series integrated services routers
- canonical/cisco 4221 integrated services router
- canonical/cisco 4321\/k9-rf integrated services router
- canonical/cisco 4321\/k9-ws integrated services router
- canonical/cisco 4321\/k9 integrated services router
- canonical/cisco 4321 integrated services router
- canonical/cisco 4331\/k9-rf integrated services router
- canonical/cisco 4331\/k9-ws integrated services router
- canonical/cisco 4331 integrated services router
- canonical/cisco 4351\/k9-rf integrated services router
- canonical/cisco 4351\/k9-ws integrated services router
- canonical/cisco 4351\/k9 integrated services router
- canonical/cisco 4351 integrated services router
- canonical/cisco 4431 integrated services router
- canonical/cisco 4451-x integrated services router
- canonical/cisco 4441 integrated services router
- canonical/cisco 8101-32fh
- canonical/cisco 8101-32h
- canonical/cisco 8102-64h
- canonical/cisco 8201
- canonical/cisco 8201-32fh
- canonical/cisco 8202
- canonical/cisco 8804
- canonical/cisco 8808
- canonical/cisco 8812
- canonical/cisco 8818
- canonical/cisco 8831 firmware
- canonical/cisco asr 1000 series
- canonical/cisco asr 1000 series software
- canonical/cisco asr 1001
- canonical/cisco asr 1001-hx
- canonical/cisco asr 1001-hx-rf
- canonical/cisco asr 1001-x
- canonical/cisco asr 1002 fixed router
- canonical/cisco asr 1002-hx-rf
- canonical/cisco asr 1002-hx
- canonical/cisco asr 1002-x
- canonical/cisco asr 1004
- canonical/cisco asr 1006
- canonical/cisco asr 1006-x
- canonical/cisco asr 1009-x
- canonical/cisco asr 1013
- canonical/cisco asr 1023 router
- canonical/cisco catalyst 8200
- canonical/cisco catalyst 8300
- canonical/cisco catalyst 8300-1n1s-4t2x
- canonical/cisco catalyst 8300-2n2s-4t2x
- canonical/cisco catalyst 8500l series router
- canonical/cisco catalyst 8500
- canonical/cisco catalyst 8510csr
- canonical/cisco catalyst 8510msr
- canonical/cisco catalyst 8540csr
- canonical/cisco catalyst 8540msr