CVE-2022-20775

CISA KEV

Published February 25, 2026 · Updated April 3, 2026

high

What This Means

**CVE-2022-20775: Cisco SD-WAN Privilege Escalation** An authenticated local attacker can exploit improper access controls in Cisco SD-WAN's CLI to traverse the filesystem and execute arbitrary commands with root privileges. This affects all Cisco SD-WAN deployments where local shell access is permitted on edge devices or controllers. Patch immediately using Cisco's advisory; restrict local CLI access to trusted administrators only and monitor for suspicious command execution in SD-WAN device logs.

Official Description+

Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Affected Products

Vendor	Product
Cisco	SD-WAN

Patch Status

Patch by 2026-02-27

Recommended Actions

Check if your systems use any of the affected products listed above.
Apply vendor patches immediately if available.
This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
Monitor vendor advisories for updates and additional mitigations.
Review logs for indicators of compromise related to CVE-2022-20775.

Related Coverage

Vvulnerability

CVE-2022-20775: Cisco SD-WAN CLI Path Traversal Enables Root-Level Privilege Escalation

CVE-2022-20775 is a path traversal vulnerability in Cisco SD-WAN's CLI that allows an authenticated local attacker to bypass access controls and execute arbitrary commands as root. The flaw affects Cisco SD-WAN deployments and carries a CISA KEV remediation deadline of February 27, 2026 for federal agencies. Administrators should apply Cisco's official patches immediately and restrict CLI access to trusted accounts as an interim control.

CISA KEV·37d ago·3 min read