Unrated severityNVD Advisory· Published Oct 5, 2018· Updated Nov 26, 2024

Cisco SD-WAN Solution Command Injection Vulnerability

CVE-2018-0433

Description

A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authenticated, local attacker can inject arbitrary commands with root privileges on Cisco SD-WAN devices due to insufficient input validation in the CLI.

Vulnerability

The vulnerability exists in the CLI of Cisco SD-WAN Solution devices. Insufficient input validation allows an authenticated, local attacker to inject arbitrary commands. The affected versions are not explicitly enumerated in the available references, but the advisory [1] provides fixed release information.

Exploitation

An attacker must have local access and be authenticated to the device's CLI utility. They can then submit crafted input to the CLI, which is not properly validated, leading to command injection with root privileges.

Impact

Successful exploitation allows the attacker to execute arbitrary commands with root privileges on the affected device, resulting in full compromise of the device's confidentiality, integrity, and availability.

Mitigation

Cisco has released free software updates to address this vulnerability as noted in the Cisco Security Advisory [1]. Customers should upgrade to the fixed versions specified in the advisory. No workarounds are provided in the available references.

References

Cisco Security Advisory: Cisco SD-WAN Solution Command Injection Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./SD-WAN Solutionllm-fuzzy
Cisco/Cisco SD-WAN Solutionv5
Range: n/a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-sd-wan-injectionmitrevendor-advisoryx_refsource_CISCO
www.securityfocus.com/bid/105295mitrevdb-entryx_refsource_BID

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000