CISA has added CVE-2022-20775, the Cisco SD-WAN Path Traversal Vulnerability, to its Known Exploited Vulnerabilities catalogue; the flaw affects Cisco SD‑WAN and allows an authenticated local attacker to bypass CLI access controls to gain elevated privileges and execute arbitrary commands as root.
The vulnerability is a path traversal flaw in the Cisco SD‑WAN command-line interface that stems from improper access controls on CLI commands; the attack requires an authenticated local user and can result in arbitrary command execution with root privileges. The CVSS v3.1 base score is 7.8 (HIGH). Cisco has released a patch and published an advisory.
CISA’s KEV listing indicates active exploitation has been confirmed. Known use in ransomware campaigns is unknown. CISA sets the remediation due date as 27 February 2026.
Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD‑WAN devices as outlined in CISA’s Emergency Directive 26‑03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD‑WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22‑01 guidance for cloud services or discontinue use of the product if mitigations are not available.
These actions are mandatory for Federal Civilian Executive Branch (FCEB) agencies; all organisations should review their exposure, apply Cisco’s patch where available, and implement CISA’s mitigations immediately.
For full technical and procedural details, see the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2022-20775 and the CISA Known Exploited Vulnerabilities catalogue.