CVE-2020-3600Improper Privilege Management in Cisco Sd-wan

CWE-269Improper Privilege ManagementCWE-863Incorrect Authorization5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 64.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wanCisco Sd-wan Solution
Timeline
PublishedNov 6
Latest updateMay 24

Description

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/sd-wan20.320.3.2+1

Patches

Patch: tools.cisco.comPatch: tools.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-p222-vpcp-xw36: A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system2022-05-24
CVEList
Cisco SD-WAN Software Privilege Escalation Vulnerability2020-11-06

📋Vendor Advisories

1
Cisco
Cisco SD-WAN Software Privilege Escalation Vulnerability2020-11-04
CVE-2020-3600 — Improper Privilege Management in Cisco | cvebase