Three vulnerabilities in the SD-WAN software of Cisco is now patched, two of which can cause root privilege escalation. Vulnerabilities are tracked as CVE-2020-3266, CVE-2020-3264, and CVE-2020-3265 with CVSS scores of 7.8, 7.1, and 7. According to Cisco’s statement, it can be exploited locally and attackers must have some form of authentication.
Arbitrary commands injection
The first vulnerability is due to insufficient input validation. CVE-2020-3266 vulnerability can be exploited by authenticating to the device and submitting crafted input to the CLI utility.
CVE-2020-3264 vulnerability is also due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.
CVE-2020-3265 is also due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges. All vulnerabilities are patched by the latest software update.