Unrated severityCISA KEVNVD Advisory· Published Sep 30, 2022· Updated Mar 2, 2026
Cisco SD-WAN Software Privilege Escalation Vulnerability
CVE-2022-20775
Description
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges.
This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
618.3.1+ 1 more
- (no CPE)range: 18.3.1
- (no CPE)range: 20.1.12
- Cisco/Cisco SD-WAN vContainerv5Range: 18.4.5
- Cisco/Cisco SD-WAN vEdge Cloudv5Range: 19.2.1
- Range: 18.4.303
Patches
Vulnerability mechanics
References
1News mentions
10- Cisco adds another SD-WAN box to max-severity bug advisoryThe Register Security · Jun 17, 2026
- Cisco Patches Another SD-WAN Zero-Day Exploited in AttacksSecurityWeek · Jun 16, 2026
- Cisco Releases Security Updates for Actively Exploited SD-WAN Manager FlawThe Hacker News · Jun 16, 2026
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch AvailableThe Hacker News · Jun 6, 2026
- Yet another Cisco SD-WAN 0-day under attack, and no patch in sightThe Register Security · Jun 5, 2026
- Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026SecurityWeek · Jun 5, 2026
- Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)Help Net Security · May 15, 2026
- Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026SecurityWeek · May 15, 2026
- Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)Tenable Blog · May 15, 2026
- Maximum Severity Cisco SD-WAN Bug Exploited in the WildDark Reading · May 14, 2026