vulnerability

Cisco Catalyst SD-WAN: CVE-2022-20716: Cisco SD-WAN Solution Improper Access Control Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Apr 13, 2022	Jun 25, 2024	Aug 6, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Apr 13, 2022

Added

Jun 25, 2024

Modified

Aug 6, 2025

Description

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.

Solution

cisco-catalyst-sdwan-update-latest

References

CVE-2022-20716
https://attackerkb.com/topics/CVE-2022-20716
URL-https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-file-access-VW36d28P
CISCO-cisco-sa-sd-wan-file-access-VW36d28P
CWE-284

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today