CVE-2026-20126
Cisco · Catalyst SD-WAN Manager
A privilege escalation vulnerability in Cisco Catalyst SD-WAN Manager allows an authenticated, local attacker with low-level privileges to gain root access to the underlying operating system.
Executive summary
Cisco Catalyst SD-WAN Manager is vulnerable to a local privilege escalation flaw that allows authenticated users with minimal permissions to gain full root-level control over the underlying system.
Vulnerability
This flaw exists within the underlying operating system management component of the SD-WAN Manager. It allows a local, authenticated attacker with low-level access to bypass security restrictions and elevate their privileges to root (superuser).
Business impact
A successful exploit grants the attacker total control over the SD-WAN Manager, which is a central orchestration point for network infrastructure. This could lead to the interception of sensitive network traffic, unauthorized configuration changes, and complete compromise of the SD-WAN fabric. The CVSS score of 8.8 reflects the high severity of a low-privileged user gaining root control over a critical networking asset.
Remediation
Immediate Action: Apply the security updates provided by Cisco to all affected Catalyst SD-WAN Manager instances.
Proactive Monitoring: Audit local user accounts for unauthorized privilege changes and review system logs for unusual commands executed with root permissions.
Compensating Controls: Restrict local access to the SD-WAN Manager interface to essential personnel only, following the principle of least privilege.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability represents a significant risk to organizational network integrity. Administrators must prioritize the deployment of vendor-supplied patches to prevent internal actors or compromised accounts from seizing control of the SD-WAN environment. Immediate remediation is the only effective way to mitigate this high-severity risk.