Cisco SD-WAN vEdge Arbitrary File Creation Vulnerability

Vulnerability

The vulnerability, identified as CVE-2020-26071, exists in the command-line interface (CLI) of Cisco SD-WAN Software. Improper input validation for specific commands allows an authenticated, local attacker to create or overwrite arbitrary files on an affected device. This flaw affects all Cisco SD-WAN Software versions prior to the fixed releases listed in the vendor advisory [1]. Specific conditions require the attacker to have local access and valid credentials with the ability to execute CLI commands.

Exploitation

An attacker with local authentication can craft arguments to specific CLI commands that are not properly validated. By supplying specially crafted input, the attacker triggers the vulnerable code path to create or overwrite arbitrary files on the device filesystem. No user interaction is required beyond executing the malicious command. The attack does not require any write access beyond standard CLI command execution privileges [1].

Impact

Successful exploitation allows the attacker to create or overwrite arbitrary files, which can severely disrupt device operations. This can lead to a denial-of-service (DoS) condition, potentially making the device unstable or unusable. The impact is localized to the affected device, but could affect network operations if the device is critical to the SD-WAN infrastructure [1].

Mitigation

Cisco has released software updates to address this vulnerability. Customers should upgrade to a fixed software version as specified in the Cisco Security Advisory [1]. There are no workarounds that address this vulnerability. No known exploitation in the wild (KEV listing) has been reported at this time. Users should apply the patch as soon as possible to mitigate the risk [1].