Cisco Security Advisory - Cisco SD-WAN Software Privilege Escalation Vulnerability

Started by Netwörkheäd, December 22, 2020, 06:07:18 AM


Netwörkheäd

Cisco SD-WAN Software Privilege Escalation Vulnerability

A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system.


The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerability by executing the affected command on an affected system. A successful exploit could allow the attacker to gain root privileges.


Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.


This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepegr-4xynYLUj

Security Impact Rating: High
CVE: CVE-2020-3595
Source: Cisco SD-WAN Software Privilege Escalation Vulnerability
Let's not argue. Let's network!

deanwebb

Holy crap these just keep coming. Hope you're all set to get the Cisco kit upgraded pretty soon. Looks like we have an announcement for every one of their product lines.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

wintermute000

Authenticated local attacker, i.e. they need to legitimately get in first, not the worst IMO

At least patching this stuff is easy with vManage

TBH all SD-WAN vendors have these problems all the time