CVE-2022-20775Cisco SD-WAN Path Traversal Vulnerability

PUBLISHEDvulnerability record
2026-02-25 · last modified February 25, 2026

Metadata

CVE ID:
CVE-2022-20775
Project:
Cisco
Product:
SD-WAN
Date Added:
2026-02-25
Due Date:
2026-02-27
Last Updated:
February 25, 2026

Vulnerability Name

Cisco SD-WAN Path Traversal Vulnerability

Description

Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Additional Notes

Related News Articles

Related Weaknesses