Cisco SD-WAN Software Privilege Escalation VulnerabilityA vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system.
The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerability by executing the affected command on an affected system. A successful exploit could allow the attacker to gain root privileges.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepegr-4xynYLUj
Security Impact Rating: High
CVE: CVE-2020-3595
Source: Cisco SD-WAN Software Privilege Escalation Vulnerability (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vepegr-4xynYLUj?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20SD-WAN%20Software%20Privilege%20Escalation%20Vulnerability&vs_k=1)
Holy crap these just keep coming. Hope you're all set to get the Cisco kit upgraded pretty soon. Looks like we have an announcement for every one of their product lines.
authenticated local attacker i.e. they need to legitimately get in first, not the worst IMO
At least patching this stuff is easy with vManage
TBH all SD-WAN vendors have these problems all the time