Unrated severityNVD Advisory· Published Sep 30, 2022· Updated Feb 26, 2026

Cisco SD-WAN Software Privilege Escalation Vulnerabilities

CVE-2022-20818

Description

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco SD-WAN Software CLI contains multiple privilege escalation vulnerabilities allowing authenticated local attackers to execute arbitrary commands as root.

Vulnerability

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software are due to improper access controls on commands within the application CLI. An authenticated local attacker can exploit these vulnerabilities by running a malicious command on the CLI. These vulnerabilities affect Cisco SD-WAN Software releases prior to the fixed versions provided in the advisory [1].

Exploitation

An attacker must have local access to the affected device and valid authentication credentials. The attacker then runs a crafted command on the application CLI. The improper access controls allow the command to execute with elevated privileges, resulting in arbitrary command execution as root. No additional user interaction is required [1].

Impact

Successful exploitation allows the attacker to execute arbitrary commands as the root user, leading to a full compromise of the affected device's confidentiality, integrity, and availability. The CVSS v3.1 base score is 7.8 (High) [1].

Mitigation

Cisco has released software updates to address these vulnerabilities. There are no workarounds available. Users are advised to upgrade to the fixed versions indicated in the Cisco Security Advisory [1].

References

Cisco Security Advisory: Cisco SD-WAN Software Privilege Escalation Vulnerabilities

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./SD-WAN Softwarellm-fuzzy
Cisco/Cisco SD-WAN Solutionv5
Range: n/a

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdFmitrevendor-advisoryx_refsource_CISCO

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000