Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability
Description
A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local authenticated attacker can overwrite arbitrary files in the configuration database of Cisco IOS XE SD-WAN Software via a crafted CLI command, leading to root-level access.
Vulnerability
A vulnerability in a specific CLI command of Cisco IOS XE SD-WAN Software allows an authenticated, local attacker to overwrite arbitrary files in the configuration database [1]. The issue stems from insufficient validation of CLI command parameters [1]. Affected versions are those running IOS XE SD-WAN Software; the advisory provides a Cisco Software Checker to determine exposure [1].
Exploitation
An attacker must have local, authenticated access to an affected device and issue the specific CLI command with crafted parameters [1]. No other user interaction or network position beyond local console or SSH access is required [1].
Impact
Successful exploitation allows the attacker to overwrite the content of the configuration database, which can lead to gaining root-level privileges on the device [1]. This results in a complete compromise of confidentiality, integrity, and availability.
Mitigation
Cisco has released software updates addressing this vulnerability; customers should consult the Cisco Software Checker to identify the first fixed release for their version [1]. No workarounds are available in the advisory [1]. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-arbfileov-MVOF3ZZnmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.