CVE-2019-16103

Vulnerability

CVE-2019-16103 affects Silver Peak EdgeConnect SD-WAN versions prior to 8.1.7.x. The vulnerability resides in the spsshell feature, which is accessible from the management menu. It allows authenticated administrators to escape the restricted menu environment and gain access to a full root Bash shell on the underlying operating system [1].

Exploitation

An attacker must first possess administrative credentials for the EdgeConnect SD-WAN appliance. With those privileges, the attacker can navigate to the spsshell option from the management menu. By selecting this feature, the administrator is presented with a root shell prompt, effectively bypassing the intended command restrictions [1]. No additional network position, user interaction, or race condition is required beyond administrative login.

Impact

Successful exploitation grants the attacker a root shell on the EdgeConnect device. This provides complete control over the operating system, including the ability to read or modify any file, install persistent malware, alter network configuration, and disrupt SD-WAN operations. The compromise is at the highest privilege level (root) and affects the entire appliance [1].

Mitigation

Silver Peak released a fix in version 8.1.7.x. Administrators should upgrade all affected EdgeConnect SD-WAN appliances to version 8.1.7.x or later immediately. No workaround is available for unpatched versions. The issue is not known to be listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. [1]