Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Cisco SD-WAN Unrestricted Access to Sensitive Commands
Known exploited
CVE-2022-20775
CVE-2022-20775
Summary
An attacker with legitimate access to Cisco SD-WAN can misuse the command line to take control of the system. This could allow them to make changes to the network or access sensitive information. Update your Cisco SD-WAN software to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| cisco | sd-wan | All versions | – |
| cisco | catalyst_sd-wan_manager | <= 20.6.3 | – |
| cisco | catalyst_sd-wan_manager | > 20.7 , <= 20.7.2 | – |
| cisco | catalyst_sd-wan_manager | 20.8 | – |
| cisco | sd-wan_vbond_orchestrator | <= 20.6.3 | – |
| cisco | sd-wan_vbond_orchestrator | > 20.7 , <= 20.7.2 | – |
| cisco | sd-wan_vbond_orchestrator | 20.8 | – |
| cisco | sd-wan_vedge_cloud | <= 20.6.3 | – |
| cisco | sd-wan_vedge_cloud | > 20.7 , <= 20.7.2 | – |
| cisco | sd-wan_vedge_cloud | 20.8 | – |
| cisco | sd-wan_vsmart_controller | <= 20.6.3 | – |
| cisco | sd-wan_vsmart_controller | > 20.7 , <= 20.7.2 | – |
| cisco | sd-wan_vsmart_controller | 20.8 | – |
| cisco | sd-wan | <= 20.6.3 | – |
| cisco | sd-wan | > 20.7 , <= 20.7.2 | – |
| cisco | sd-wan | 20.8 | – |
Original title
Cisco SD-WAN Path Traversal Vulnerability
Original description
Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
Vulnerability type
CWE-25
CWE-22
Path Traversal
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci... Vendor Advisory
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-wmjv-... Exploit Third Party Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-s... Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-... US Government Resource
Published: 25 Feb 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026