Cisco SD-WAN Solution Command Injection Vulnerability
Description
A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated local attackers can inject arbitrary root commands via insufficiently validated CLI input in Cisco SD-WAN Solution software.
Vulnerability
The vulnerability exists in the CLI of Cisco SD-WAN Solution software. It arises from insufficient input validation, allowing an authenticated, local attacker to submit crafted input to the CLI utility. The affected versions include those prior to the fixed releases mentioned in Cisco's advisory [1].
Exploitation
An attacker must first authenticate to the device and have access to the CLI utility. By submitting specially crafted input, the attacker can inject arbitrary commands that will be executed [1].
Impact
Successful exploitation allows the attacker to execute arbitrary commands with root privileges, resulting in full compromise of the device's confidentiality, integrity, and availability [1].
Mitigation
Cisco has released free software updates to address this vulnerability. Customers should upgrade to the fixed versions as specified in Cisco Security Advisory cisco-sa-sdwclici-cvrQpH9v [1]. No workarounds are available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwclici-cvrQpH9vmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.