Impact
The vulnerability is caused by insufficient validation of user‑supplied input in the command‑line interface of Cisco Catalyst SD‑WAN products, a weakness identified as CWE‑116. An attacker who has local netadmin credentials can upload specially crafted file, allowing arbitrary command execution with root privileges. This privilege escalation can be used to alter the device connected edge devices, jeopardizing confidentiality, integrity, and availability.
Affected Systems
Affected components are Cisco Catalyst SD‑WAN Controller (formerly vSmart) and Cisco Catalyst SD‑WAN Manager (formerly vManage). The advisory cites the 20.12.7 release as vulnerable, as referenced by the CPE identifiers, and no other versions are confirmed. The SD‑WAN Validator (formerly vBond) is not listed in the provided vendor or CPE data, so it is not considered affected based on the supplied information.
Risk and Exploitability
The advisory assigns a CVSS score of 7.8, indicating high severity, and an EPSS score of 25%. The vulnerability is listed in the CISA KEV catalog. Exploitation requires authenticated, local netadmin access; no remote attack vectors or other methods have been reported. Without valid netadmin credentials, the risk to a system is low, but if an attacker gains such access, privilege escalation to root is possible and could compromise the entire SD‑WAN deployment.
OpenCVE Enrichment