CVE-2022-20775 - Vulnerability Details

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges.

This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since yesterday.

The EPSS score is 0.00233.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Cisco Subscribe	1100-4g Integrated Services Router Subscribe 1100-4p Integrated Services Router Subscribe 1100-6g Integrated Services Router Subscribe 1100-8p Integrated Services Router Subscribe 1100 Integrated Services Router Subscribe 1101-4p Integrated Services Router Subscribe 1101 Integrated Services Router Subscribe 1109-2p Integrated Services Router Subscribe 1109-4p Integrated Services Router Subscribe 1109 Integrated Services Router Subscribe 1111x-8p Integrated Services Router Subscribe 1111x Integrated Services Router Subscribe 111x Integrated Services Router Subscribe 1120 Integrated Services Router Subscribe 1131 Integrated Services Router Subscribe 1160 Integrated Services Router Subscribe 4000 Integrated Services Router Subscribe 4221 Integrated Services Router Subscribe 4321\/k9-rf Integrated Services Router Subscribe 4321\/k9-ws Integrated Services Router Subscribe 4321\/k9 Integrated Services Router Subscribe 4321 Integrated Services Router Subscribe 4331\/k9-rf Integrated Services Router Subscribe 4331\/k9-ws Integrated Services Router Subscribe 4331\/k9 Integrated Services Router Subscribe 4331 Integrated Services Router Subscribe 4351\/k9-rf Integrated Services Router Subscribe 4351\/k9-ws Integrated Services Router Subscribe 4351\/k9 Integrated Services Router Subscribe 4351 Integrated Services Router Subscribe 4431 Integrated Services Router Subscribe 4451-x Integrated Services Router Subscribe 4451 Integrated Services Router Subscribe 4461 Integrated Services Router Subscribe 8101-32fh Subscribe 8101-32h Subscribe 8102-64h Subscribe 8201 Subscribe 8201-32fh Subscribe 8202 Subscribe 8804 Subscribe 8808 Subscribe 8812 Subscribe 8818 Subscribe 8831 Subscribe Asr 1000 Subscribe Asr 1000-x Subscribe Asr 1001 Subscribe Asr 1001-hx Subscribe Asr 1001-hx R Subscribe Asr 1001-x Subscribe Asr 1001-x R Subscribe Asr 1002 Subscribe Asr 1002-hx Subscribe Asr 1002-hx R Subscribe Asr 1002-x Subscribe Asr 1002-x R Subscribe Asr 1004 Subscribe Asr 1006 Subscribe Asr 1006-x Subscribe Asr 1009-x Subscribe Asr 1013 Subscribe Asr 1023 Subscribe Catalyst 8000v Edge Subscribe Catalyst 8200 Subscribe Catalyst 8300 Subscribe Catalyst 8300-1n1s-4t2x Subscribe Catalyst 8300-1n1s-6t Subscribe Catalyst 8300-2n2s-4t2x Subscribe Catalyst 8300-2n2s-6t Subscribe Catalyst 8500 Subscribe Catalyst 8500-4qc Subscribe Catalyst 8500l Subscribe Catalyst 8510csr Subscribe Catalyst 8510msr Subscribe Catalyst 8540csr Subscribe Catalyst 8540msr Subscribe Catalyst Cg418-e Subscribe Catalyst Cg522-e Subscribe Catalyst Sd-wan Manager Subscribe Sd-wan Subscribe Sd-wan Vbond Orchestrator Subscribe Sd-wan Vsmart Controller Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::
	cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.8:::::::*
	cpe:2.3:a:cisco:sd-wan_vbond_orchestrator::::::::
	cpe:2.3:a:cisco:sd-wan_vbond_orchestrator::::::::
	cpe:2.3:a:cisco:sd-wan_vbond_orchestrator:20.8:::::::*
	cpe:2.3:a:cisco:sd-wan_vsmart_controller::::::::
	cpe:2.3:a:cisco:sd-wan_vsmart_controller::::::::
	cpe:2.3:a:cisco:sd-wan_vsmart_controller:20.8:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:a:cisco:sd-wan::::::::
	cpe:2.3:a:cisco:sd-wan::::::::
	cpe:2.3:a:cisco:sd-wan:20.8:::::::*

OR	cpe:2.3:a:cisco:catalyst_8000v_edge:-:::::::*
	cpe:2.3:a:cisco:catalyst_cg418-e:-:::::::*
	cpe:2.3:a:cisco:catalyst_cg522-e:-:::::::*
	cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1120_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1131_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1160_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4000_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4321\/k9-rf_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4321\/k9-ws_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4321\/k9_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4321_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331\/k9-rf_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331\/k9-ws_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331\/k9_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4351\/k9-rf_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4351\/k9-ws_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4351\/k9_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4351_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4431_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4451-x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4451_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4461_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:8101-32fh:-:::::::*
	cpe:2.3:h:cisco:8101-32h:-:::::::*
	cpe:2.3:h:cisco:8102-64h:-:::::::*
	cpe:2.3:h:cisco:8201:-:::::::*
	cpe:2.3:h:cisco:8201-32fh:-:::::::*
	cpe:2.3:h:cisco:8202:-:::::::*
	cpe:2.3:h:cisco:8804:-:::::::*
	cpe:2.3:h:cisco:8808:-:::::::*
	cpe:2.3:h:cisco:8812:-:::::::*
	cpe:2.3:h:cisco:8818:-:::::::*
	cpe:2.3:h:cisco:8831:-:::::::*
	cpe:2.3:h:cisco:asr_1000:-:::::::*
	cpe:2.3:h:cisco:asr_1000-x:-:::::::*
	cpe:2.3:h:cisco:asr_1001:-:::::::*
	cpe:2.3:h:cisco:asr_1001-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1001-hx_r:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x_r:-:::::::*
	cpe:2.3:h:cisco:asr_1002:-:::::::*
	cpe:2.3:h:cisco:asr_1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1002-hx_r:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x_r:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1006-x:-:::::::*
	cpe:2.3:h:cisco:asr_1009-x:-:::::::*
cpe:2.3:h:cisco:asr_1013:-:::::::*
cpe:2.3:h:cisco:asr_1023:-:::::::*
cpe:2.3:h:cisco:catalyst_8200:-:::::::*
cpe:2.3:h:cisco:catalyst_8300:-:::::::*
cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:::::::*
cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:::::::*
cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:::::::*
cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:::::::*
cpe:2.3:h:cisco:catalyst_8500:-:::::::*
cpe:2.3:h:cisco:catalyst_8500-4qc:-:::::::*
cpe:2.3:h:cisco:catalyst_8500l:-:::::::*
cpe:2.3:h:cisco:catalyst_8510csr:-:::::::*
cpe:2.3:h:cisco:catalyst_8510msr:-:::::::*
cpe:2.3:h:cisco:catalyst_8540csr:-:::::::*
cpe:2.3:h:cisco:catalyst_8540msr:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-26025	Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/orangecertcc/security-research/security/advisories/GHSA-wmjv-552v-pxjc
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-20775

History

Wed, 25 Feb 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 25 Feb 2026 21:00:00 +0000

Type	Values Removed	Values Added
Description	Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.	A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF
Title	Cisco SD-WAN Software Privilege Escalation Vulnerabilities	Cisco SD-WAN Software Privilege Escalation Vulnerability
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-priv-E6e8tEdF

Wed, 25 Feb 2026 18:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-20775

Wed, 25 Feb 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2026-02-25T00:00:00+00:00', 'dueDate': '2026-02-27T00:00:00+00:00'}`

Wed, 06 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2022-09-30T18:45:26.687Z

Updated: 2026-02-25T20:36:57.019Z

Reserved: 2021-11-02T00:00:00.000Z

Link: CVE-2022-20775

Vulnrichment

Updated: 2024-08-03T02:24:49.634Z

NVD

Status : Undergoing Analysis

Published: 2022-09-30T19:15:11.467

Modified: 2026-02-25T21:16:22.597

Link: CVE-2022-20775

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object