VYPR
Unrated severity · NVD Advisory · Published Jan 26, 2020 · Updated Nov 15, 2024

Cisco SD-WAN Solution Local Privilege Escalation Vulnerability

CVE-2020-3115

Description

A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco SD-WAN vManage CLI input validation flaw lets authenticated local attackers escalate to root.

Vulnerability

A command-line interface (CLI) vulnerability in Cisco SD-WAN Solution vManage software, prior to the fixed releases noted in the advisory, allows authenticated local attackers to elevate privileges to root. The issue is due to insufficient input validation when processing a crafted file. Affected versions include vManage releases before 19.2.2, 19.3.1, and 19.4.1 [1].

Exploitation

An attacker must have local CLI access to the vManage system with a valid, authenticated account. The attacker exploits the flaw by sending a specially crafted file to the affected system. The CLI processes the file without sufficient input validation, which leads to privilege escalation [1].

Impact

A successful exploit allows the attacker to elevate privileges from the authenticated user level to root-level privileges on the underlying operating system. This gives the attacker full control over the vManage system, including the ability to modify configuration, access sensitive data, and potentially disrupt network operations [1].

Mitigation

Cisco has released software updates to address this vulnerability. Fixed versions are 19.2.2, 19.3.1, 19.4.1, and later. Customers should upgrade to these or subsequent releases. No workarounds are available. The advisory also includes instructions for customers without service contracts to obtain the updates [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
