CVE-2020-3266Command Injection in Cisco Sd-wan Firmware

CWE-77Command InjectionCWE-78OS Command Injection4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 60.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan FirmwareCisco Sd-wan Solution
Timeline
PublishedMar 19
Latest updateMay 24

Description

A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root pr

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/sd-wan_firmware< 19.2.2

🔴Vulnerability Details

2
GHSA
GHSA-rm3p-cf5q-3f22: A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are execut2022-05-24
CVEList
Cisco SD-WAN Solution Command Injection Vulnerability2020-03-19

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Solution Command Injection Vulnerability2020-03-18
CVE-2020-3266 — Command Injection in Cisco | cvebase