Action not permitted
Modal body text goes here.
Modal Title
Modal Body
NCSC-2026-0071
Vulnerability from csaf_ncscnl - Published: 2026-02-25 17:11 - Updated: 2026-03-06 12:07Summary
Kwetsbaarheden verholpen in Cisco Catalyst SD-WAN Manager
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Cisco heeft meerdere kwetsbaarheden verholpen in de Cisco Catalyst SD-WAN Manager.
Interpretaties
De kwetsbaarheden bevinden zich in de peering authenticatiemechanismen van de Cisco Catalyst SD-WAN Controller en Manager producten. Deze kwetsbaarheden stellen een niet-geauthenticeerde externe aanvaller in staat om het authenticatieproces te omzeilen, waardoor administratieve privileges op de getroffen systemen kunnen worden verkregen. Daarnaast kunnen aanvallers root-level privileges verkrijgen, wat kan leiden tot ongeautoriseerde toegang tot gevoelige informatie en de mogelijkheid om willekeurige bestanden te overschrijven, wat kan resulteren in verdere exploitatie of systeeminstabiliteit.
De meest ernstige kwetsbaarheid, met kenmerk CVE-2026-20127, kan door een ongeauthenticeerde kwaadwillende worden misbruikt om op afstand willekeurige code uit te voeren met hoge administratieve rechten. Cisco geeft aan dat actief misbruik van deze kwetsbaarheid bekend is.
Na misbruik van deze kwetsbaarheid zou de kwaadwillende de kwetsbaarheid met kenmerk CVE-2022-20775 gebruiken om de rechten te escaleren tot root. Dit doet de actor door het systeem te downgraden naar een versie waarin CVE-2022-20775 niet verholpen is, de rechten middels deze kwetsbaarheid te verhogen naar root en vervolgens het systeem weer terug te zetten in de oorspronkelijke versie.
Er is publieke Proof-of-Concept-code (PoC) verschenen die de kwetsbaarheid met kenmerk CVE-2026-20127 aantoont en mogelijk misbruikt. De kans op grootschalig misbruik neemt hierdoor toe en het NCSC verwacht een significante toename in scan- en misbruikverkeer. Het NCSC adviseert met klem de update zo spoedig mogelijk te installeren.
Ook van de kwetsbaarheden met kenmerk CVE-2026-20122 en CVE-2026-20128 meldt Cisco berichten te ontvangen dat deze actief worden misbruikt. Voor deze kwetsbaarheden is (nog) geen publieke Proof-of-Concept-code of exploit beschikbaar.
Oplossingen
Cisco heeft updates uitgebracht om de kwetsbaarheden te verhelpen. In een blog geeft Talos informatie over het bekende misbruik en is er een validatie checklist beschikbaar gesteld met uitleg hoe deze kan worden toegepast. Zie bijgevoegde referenties voor meer informatie.
Kans
high
Schade
high
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-257
Storing Passwords in a Recoverable Format
CWE-287
Improper Authentication
CWE-648
Incorrect Use of Privileged APIs
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Cisco heeft meerdere kwetsbaarheden verholpen in de Cisco Catalyst SD-WAN Manager.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in de peering authenticatiemechanismen van de Cisco Catalyst SD-WAN Controller en Manager producten. Deze kwetsbaarheden stellen een niet-geauthenticeerde externe aanvaller in staat om het authenticatieproces te omzeilen, waardoor administratieve privileges op de getroffen systemen kunnen worden verkregen. Daarnaast kunnen aanvallers root-level privileges verkrijgen, wat kan leiden tot ongeautoriseerde toegang tot gevoelige informatie en de mogelijkheid om willekeurige bestanden te overschrijven, wat kan resulteren in verdere exploitatie of systeeminstabiliteit.\n\nDe meest ernstige kwetsbaarheid, met kenmerk CVE-2026-20127, kan door een ongeauthenticeerde kwaadwillende worden misbruikt om op afstand willekeurige code uit te voeren met hoge administratieve rechten. Cisco geeft aan dat actief misbruik van deze kwetsbaarheid bekend is.\n\nNa misbruik van deze kwetsbaarheid zou de kwaadwillende de kwetsbaarheid met kenmerk CVE-2022-20775 gebruiken om de rechten te escaleren tot root. Dit doet de actor door het systeem te downgraden naar een versie waarin CVE-2022-20775 niet verholpen is, de rechten middels deze kwetsbaarheid te verhogen naar root en vervolgens het systeem weer terug te zetten in de oorspronkelijke versie.\n\nEr is publieke Proof-of-Concept-code (PoC) verschenen die de kwetsbaarheid met kenmerk CVE-2026-20127 aantoont en mogelijk misbruikt. De kans op grootschalig misbruik neemt hierdoor toe en het NCSC verwacht een significante toename in scan- en misbruikverkeer. Het NCSC adviseert met klem de update zo spoedig mogelijk te installeren.\n\nOok van de kwetsbaarheden met kenmerk CVE-2026-20122 en CVE-2026-20128 meldt Cisco berichten te ontvangen dat deze actief worden misbruikt. Voor deze kwetsbaarheden is (nog) geen publieke Proof-of-Concept-code of exploit beschikbaar.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Cisco heeft updates uitgebracht om de kwetsbaarheden te verhelpen. In een blog geeft Talos informatie over het bekende misbruik en is er een validatie checklist beschikbaar gesteld met uitleg hoe deze kan worden toegepast. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "high",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Storing Passwords in a Recoverable Format",
"title": "CWE-257"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Incorrect Use of Privileged APIs",
"title": "CWE-648"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://blog.talosintelligence.com/uat-8616-sd-wan"
},
{
"category": "external",
"summary": "Reference",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
},
{
"category": "external",
"summary": "Reference",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk"
}
],
"title": "Kwetsbaarheden verholpen in Cisco Catalyst SD-WAN Manager",
"tracking": {
"current_release_date": "2026-03-06T12:07:02.595940Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0071",
"initial_release_date": "2026-02-25T17:11:09.013125Z",
"revision_history": [
{
"date": "2026-02-25T17:11:09.013125Z",
"number": "1.0.0",
"summary": "Initiele versie"
},
{
"date": "2026-03-06T07:24:19.834138Z",
"number": "1.0.1",
"summary": "Inmiddels is Proof-of-Concept-Code (PoC) verschenen die de kwetsbaarheid aantoont. "
},
{
"date": "2026-03-06T12:07:02.595940Z",
"number": "1.0.2",
"summary": "Ook de kwetsbaarheden met kenmerk CVE-2026-20122 en CVE-2026-20128 worden actief misbruikt volgens Cisco."
}
],
"status": "final",
"version": "1.0.2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Catalyst SD-WAN Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Cisco Catalyst SD-WAN"
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-20122",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Storing Passwords in a Recoverable Format",
"title": "CWE-257"
},
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "other",
"text": "Incorrect Use of Privileged APIs",
"title": "CWE-648"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager APIs allow authenticated users with read-only credentials to overwrite arbitrary files and escalate privileges to root, compromising system integrity and sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20122 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20122.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20122"
},
{
"cve": "CVE-2026-20126",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Storing Passwords in a Recoverable Format",
"title": "CWE-257"
},
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "other",
"text": "Incorrect Use of Privileged APIs",
"title": "CWE-648"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager\u0027s REST API allow authenticated local attackers with low privileges to escalate to root, access sensitive information, and overwrite arbitrary files on the underlying system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20126 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20126.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20126"
},
{
"cve": "CVE-2026-20127",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "description",
"text": "Cisco Catalyst SD-WAN Controller and Manager have a peering authentication vulnerability allowing unauthenticated remote attackers to bypass authentication and gain administrative access to manipulate network configurations via NETCONF.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20127 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20127.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20127"
},
{
"cve": "CVE-2026-20128",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Storing Passwords in a Recoverable Format",
"title": "CWE-257"
},
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "other",
"text": "Incorrect Use of Privileged APIs",
"title": "CWE-648"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, including a local privilege escalation via credential file access in versions prior to 20.18, allow authenticated users to gain elevated privileges and access sensitive data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20128 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20128.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20128"
},
{
"cve": "CVE-2026-20129",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Storing Passwords in a Recoverable Format",
"title": "CWE-257"
},
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "other",
"text": "Incorrect Use of Privileged APIs",
"title": "CWE-648"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, including an API user authentication flaw, allow unauthenticated remote attackers to gain netadmin-level access, escalate privileges to root, access sensitive data, and overwrite arbitrary files in versions prior to 20.18.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20129 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20129.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20129"
},
{
"cve": "CVE-2026-20133",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Storing Passwords in a Recoverable Format",
"title": "CWE-257"
},
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "other",
"text": "Incorrect Use of Privileged APIs",
"title": "CWE-648"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager allow unauthenticated remote attackers to access sensitive information, escalate privileges to root, and overwrite arbitrary files via insufficient file system access restrictions in the system\u0027s API.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20133"
}
]
}
CVE-2026-20133 (GCVE-0-2026-20133)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:13 – Updated: 2026-02-25 19:05
VLAI?
EPSS
Title
Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
Summary
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system.
This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T18:19:48.904068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T19:05:52.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system.\r\n\r\nThis vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:17:41.696Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-authbp-qwCX8D4v",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
}
],
"source": {
"advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
"defects": [
"CSCws33583"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20133",
"datePublished": "2026-02-25T16:13:56.017Z",
"dateReserved": "2025-10-08T11:59:15.380Z",
"dateUpdated": "2026-02-25T19:05:52.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20126 (GCVE-0-2026-20126)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:13 – Updated: 2026-02-26 14:44
VLAI?
EPSS
Title
Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
Summary
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system.
This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.
Severity ?
8.8 (High)
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:56:09.308176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:06.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system.\r\n\r\nThis vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to\u0026nbsp;gain root privileges on the underlying operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "Incorrect Use of Privileged APIs",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:18:05.423Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-authbp-qwCX8D4v",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
}
],
"source": {
"advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
"defects": [
"CSCws93470"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20126",
"datePublished": "2026-02-25T16:13:58.856Z",
"dateReserved": "2025-10-08T11:59:15.378Z",
"dateUpdated": "2026-02-26T14:44:06.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20122 (GCVE-0-2026-20122)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-03-09 13:50
VLAI?
EPSS
Title
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
Summary
A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.
This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.
Severity ?
5.4 (Medium)
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20122",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T05:01:17.292143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T13:50:12.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.\r\n\r\nThis vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system\u0026nbsp;and gain vmanage user privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "Incorrect Use of Privileged APIs",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:17:57.583Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-authbp-qwCX8D4v",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
}
],
"source": {
"advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
"defects": [
"CSCws33584"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20122",
"datePublished": "2026-02-25T16:14:21.256Z",
"dateReserved": "2025-10-08T11:59:15.377Z",
"dateUpdated": "2026-03-09T13:50:12.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20129 (GCVE-0-2026-20129)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-02-26 14:44
VLAI?
EPSS
Title
Cisco Catayst SD-WAN Authentication Bypass Vulnerability
Summary
A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role.
The vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role.
Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.
Severity ?
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20129",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:56:11.188124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:06.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the\u0026nbsp;netadmin role.\r\n\r\nThe vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role.\r\nNote: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.\u0026nbsp;"
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:17:41.772Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-authbp-qwCX8D4v",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
}
],
"source": {
"advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
"defects": [
"CSCws33587"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catayst SD-WAN Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20129",
"datePublished": "2026-02-25T16:14:09.046Z",
"dateReserved": "2025-10-08T11:59:15.379Z",
"dateUpdated": "2026-02-26T14:44:06.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20128 (GCVE-0-2026-20128)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-03-09 13:50
VLAI?
EPSS
Title
Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
Summary
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system.
This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.
Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.
Severity ?
7.5 (High)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.5.1.0.2 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.3.3.0.18 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.3.4.1.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.6.2.0.4 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.3.5.0.7 Affected: 20.6.3.0.2 Affected: 20.9.1EFT2 Affected: 20.3.6 Affected: 20.3.7 Affected: 20.4.2.3 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.3.3.2 Affected: 20.3.7.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.1.3.1 Affected: 20.6.5.1.4 Affected: 20.3.8 Affected: 20.12.501 Affected: 26.1.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T05:01:16.162532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T13:50:28.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "26.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid\u0026nbsp;vmanage credentials on the affected system.\r\n\r\nThis vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.\r\nNote: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:17:53.544Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-authbp-qwCX8D4v",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
}
],
"source": {
"advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
"defects": [
"CSCws33585"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20128",
"datePublished": "2026-02-25T16:14:12.353Z",
"dateReserved": "2025-10-08T11:59:15.379Z",
"dateUpdated": "2026-03-09T13:50:28.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20127 (GCVE-0-2026-20127)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-02-26 14:44
VLAI?
EPSS
Title
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Summary
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Severity ?
10 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20127",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:55:54.782171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-02-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20127"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:06.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20127"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.\r\n\r\nThis vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root\u0026nbsp;user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.\u0026nbsp;"
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware of limited exploitation of this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:18:10.274Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-rpa-EHchtZk",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk"
}
],
"source": {
"advisory": "cisco-sa-sdwan-rpa-EHchtZk",
"defects": [
"CSCws52722"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20127",
"datePublished": "2026-02-25T16:14:20.137Z",
"dateReserved": "2025-10-08T11:59:15.379Z",
"dateUpdated": "2026-02-26T14:44:06.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…