Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2026-0516
Vulnerability from csaf_certbund - Published: 2026-02-25 23:00 - Updated: 2026-03-05 23:00Summary
Cisco Catalyst SD-WAN Manager und SD-WAN Controller: Mehrere Schwachstellen
Severity
Kritisch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Cisco Catalyst SD-WAN ist eine Netzwerklösung, die Software-definierte Wide-Area-Networking-Funktionen (SD-WAN) mit Cisco Catalyst Series Switches kombiniert, um die Netzwerkleistung an verteilten Standorten zu optimieren und zu sichern.
Angriff: Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Cisco Catalyst SD-WAN Manager ausnutzen, um Administratorrechte zu erlangen, die Authentifizierung zu umgehen, Befehle mit Netadmin-Rechten auszuführen, sensible Systeminformationen zu lesen und beliebige Dateien auf dem System zu überschreiben.
Betroffene Betriebssysteme: - CISCO Appliance
References
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Cisco Catalyst SD-WAN ist eine Netzwerkl\u00f6sung, die Software-definierte Wide-Area-Networking-Funktionen (SD-WAN) mit Cisco Catalyst Series Switches kombiniert, um die Netzwerkleistung an verteilten Standorten zu optimieren und zu sichern.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Cisco Catalyst SD-WAN Manager ausnutzen, um Administratorrechte zu erlangen, die Authentifizierung zu umgehen, Befehle mit Netadmin-Rechten auszuf\u00fchren, sensible Systeminformationen zu lesen und beliebige Dateien auf dem System zu \u00fcberschreiben.",
"title": "Angriff"
},
{
"category": "general",
"text": "- CISCO Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0516 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0516.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0516 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0516"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-sdwan-authbp-qwCX8D4v vom 2026-02-25",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
},
{
"category": "external",
"summary": "Cisco Security Advisory cisco-sa-sdwan-rpa-EHchtZk vom 2026-02-25",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk"
},
{
"category": "external",
"summary": "CISA KEV: CVE-2026-20127 Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability vom 2026-02-25",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "external",
"summary": "Cisco Talos Blog: Active exploitation of Cisco Catalyst SD-WAN by UAT-8616 vom 2026-02-25",
"url": "https://blog.talosintelligence.com/uat-8616-sd-wan/"
},
{
"category": "external",
"summary": "Australian Signals Directorate - Cisco SD-WAN Threat Hunt Guide",
"url": "https://www.cyber.gov.au/sites/default/files/2026-02/ACSC-led%20Cisco%20SD-WAN%20Hunt%20Guide.pdf"
},
{
"category": "external",
"summary": "PoC CVE-2026-20127",
"url": "https://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE"
}
],
"source_lang": "en-US",
"title": "Cisco Catalyst SD-WAN Manager und SD-WAN Controller: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-05T23:00:00.000+00:00",
"generator": {
"date": "2026-03-06T12:32:06.165+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0516",
"initial_release_date": "2026-02-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-04T23:00:00.000+00:00",
"number": "2",
"summary": "Exploit aufgenommen CVE-2026-20128 und CVE-2026-20122"
},
{
"date": "2026-03-05T23:00:00.000+00:00",
"number": "3",
"summary": "PoC aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c20.9.8.2",
"product": {
"name": "Cisco Catalyst SD-WAN Manager \u003c20.9.8.2",
"product_id": "T051198"
}
},
{
"category": "product_version",
"name": "20.9.8.2",
"product": {
"name": "Cisco Catalyst SD-WAN Manager 20.9.8.2",
"product_id": "T051198-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:catalyst_sd-wan_manager:20.9.8.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c20.12.6.1",
"product": {
"name": "Cisco Catalyst SD-WAN Manager \u003c20.12.6.1",
"product_id": "T051199"
}
},
{
"category": "product_version",
"name": "20.12.6.1",
"product": {
"name": "Cisco Catalyst SD-WAN Manager 20.12.6.1",
"product_id": "T051199-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:catalyst_sd-wan_manager:20.12.6.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c20.12.5.3",
"product": {
"name": "Cisco Catalyst SD-WAN Manager \u003c20.12.5.3",
"product_id": "T051200"
}
},
{
"category": "product_version",
"name": "20.12.5.3",
"product": {
"name": "Cisco Catalyst SD-WAN Manager 20.12.5.3",
"product_id": "T051200-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:catalyst_sd-wan_manager:20.12.5.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c20.15.4.2",
"product": {
"name": "Cisco Catalyst SD-WAN Manager \u003c20.15.4.2",
"product_id": "T051202"
}
},
{
"category": "product_version",
"name": "20.15.4.2",
"product": {
"name": "Cisco Catalyst SD-WAN Manager 20.15.4.2",
"product_id": "T051202-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:catalyst_sd-wan_manager:20.15.4.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c20.18.2.1",
"product": {
"name": "Cisco Catalyst SD-WAN Manager \u003c20.18.2.1",
"product_id": "T051203"
}
},
{
"category": "product_version",
"name": "20.18.2.1",
"product": {
"name": "Cisco Catalyst SD-WAN Manager 20.18.2.1",
"product_id": "T051203-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:catalyst_sd-wan_manager:20.18.2.1"
}
}
},
{
"category": "product_version_range",
"name": "SD-WAN Controller \u003c20.9.8.2",
"product": {
"name": "Cisco Catalyst SD-WAN Manager SD-WAN Controller \u003c20.9.8.2",
"product_id": "T051204"
}
},
{
"category": "product_version",
"name": "SD-WAN Controller 20.9.8.2",
"product": {
"name": "Cisco Catalyst SD-WAN Manager SD-WAN Controller 20.9.8.2",
"product_id": "T051204-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:catalyst_sd-wan_manager:sd-wan_controller__20.9.8.2"
}
}
},
{
"category": "product_version_range",
"name": "SD-WAN Controller \u003c20.12.5.3",
"product": {
"name": "Cisco Catalyst SD-WAN Manager SD-WAN Controller \u003c20.12.5.3",
"product_id": "T051205"
}
},
{
"category": "product_version",
"name": "SD-WAN Controller 20.12.5.3",
"product": {
"name": "Cisco Catalyst SD-WAN Manager SD-WAN Controller 20.12.5.3",
"product_id": "T051205-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:catalyst_sd-wan_manager:sd-wan_controller__20.12.5.3"
}
}
},
{
"category": "product_version_range",
"name": "SD-WAN Controller \u003c20.12.6.1",
"product": {
"name": "Cisco Catalyst SD-WAN Manager SD-WAN Controller \u003c20.12.6.1",
"product_id": "T051206"
}
},
{
"category": "product_version",
"name": "SD-WAN Controller 20.12.6.1",
"product": {
"name": "Cisco Catalyst SD-WAN Manager SD-WAN Controller 20.12.6.1",
"product_id": "T051206-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:catalyst_sd-wan_manager:sd-wan_controller__20.12.6.1"
}
}
},
{
"category": "product_version_range",
"name": "SD-WAN Controller \u003c20.15.4.2",
"product": {
"name": "Cisco Catalyst SD-WAN Manager SD-WAN Controller \u003c20.15.4.2",
"product_id": "T051207"
}
},
{
"category": "product_version",
"name": "SD-WAN Controller 20.15.4.2",
"product": {
"name": "Cisco Catalyst SD-WAN Manager SD-WAN Controller 20.15.4.2",
"product_id": "T051207-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:catalyst_sd-wan_manager:sd-wan_controller__20.15.4.2"
}
}
},
{
"category": "product_version_range",
"name": "SD-WAN Controller \u003c20.18.2.1",
"product": {
"name": "Cisco Catalyst SD-WAN Manager SD-WAN Controller \u003c20.18.2.1",
"product_id": "T051208"
}
},
{
"category": "product_version",
"name": "SD-WAN Controller 20.18.2.1",
"product": {
"name": "Cisco Catalyst SD-WAN Manager SD-WAN Controller 20.18.2.1",
"product_id": "T051208-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:cisco:catalyst_sd-wan_manager:sd-wan_controller__20.18.2.1"
}
}
}
],
"category": "product_name",
"name": "Catalyst SD-WAN Manager"
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-20122",
"product_status": {
"known_affected": [
"T051203",
"T051202",
"T051199",
"T051198",
"T051200"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2026-20122"
},
{
"cve": "CVE-2026-20126",
"product_status": {
"known_affected": [
"T051203",
"T051202",
"T051199",
"T051198",
"T051200"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2026-20126"
},
{
"cve": "CVE-2026-20128",
"product_status": {
"known_affected": [
"T051203",
"T051202",
"T051199",
"T051198",
"T051200"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2026-20128"
},
{
"cve": "CVE-2026-20129",
"product_status": {
"known_affected": [
"T051203",
"T051202",
"T051199",
"T051198",
"T051200"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2026-20129"
},
{
"cve": "CVE-2026-20133",
"product_status": {
"known_affected": [
"T051203",
"T051202",
"T051199",
"T051198",
"T051200"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2026-20133"
},
{
"cve": "CVE-2026-20127",
"product_status": {
"known_affected": [
"T051207",
"T051206",
"T051208",
"T051203",
"T051202",
"T051205",
"T051204",
"T051199",
"T051198",
"T051200"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2026-20127"
}
]
}
CVE-2026-20129 (GCVE-0-2026-20129)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-03-20 21:47
VLAI?
EPSS
Title
Cisco Catayst SD-WAN Authentication Bypass Vulnerability
Summary
A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role.
The vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role.
Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.
Severity ?
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20129",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:56:11.188124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:06.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the\u0026nbsp;netadmin role.\r\n\r\nThe vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role.\r\nNote: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.\u0026nbsp;"
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133, CVE-2026-20126, and CVE-2026-20129.\r\n\r\nIn March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only. The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T21:47:59.021Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-authbp-qwCX8D4v",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
}
],
"source": {
"advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
"defects": [
"CSCws33587"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catayst SD-WAN Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20129",
"datePublished": "2026-02-25T16:14:09.046Z",
"dateReserved": "2025-10-08T11:59:15.379Z",
"dateUpdated": "2026-03-20T21:47:59.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20127 (GCVE-0-2026-20127)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-02-26 14:44
VLAI?
EPSS
Title
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Summary
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Severity ?
10 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20127",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:55:54.782171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-02-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20127"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:06.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20127"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.\r\n\r\nThis vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root\u0026nbsp;user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.\u0026nbsp;"
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware of limited exploitation of this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:18:10.274Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-rpa-EHchtZk",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk"
}
],
"source": {
"advisory": "cisco-sa-sdwan-rpa-EHchtZk",
"defects": [
"CSCws52722"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20127",
"datePublished": "2026-02-25T16:14:20.137Z",
"dateReserved": "2025-10-08T11:59:15.379Z",
"dateUpdated": "2026-02-26T14:44:06.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20122 (GCVE-0-2026-20122)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-03-20 21:47
VLAI?
EPSS
Title
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
Summary
A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.
This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.
Severity ?
5.4 (Medium)
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20122",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T05:01:17.292143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T13:50:12.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.\r\n\r\nThis vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system\u0026nbsp;and gain vmanage user privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133, CVE-2026-20126, and CVE-2026-20129.\r\n\r\nIn March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only. The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "Incorrect Use of Privileged APIs",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T21:47:05.503Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-authbp-qwCX8D4v",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
}
],
"source": {
"advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
"defects": [
"CSCws33584"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20122",
"datePublished": "2026-02-25T16:14:21.256Z",
"dateReserved": "2025-10-08T11:59:15.377Z",
"dateUpdated": "2026-03-20T21:47:05.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20133 (GCVE-0-2026-20133)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:13 – Updated: 2026-03-20 21:48
VLAI?
EPSS
Title
Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
Summary
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system.
This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
Severity ?
6.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T18:19:48.904068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T19:05:52.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system.\r\n\r\nThis vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133, CVE-2026-20126, and CVE-2026-20129.\r\n\r\nIn March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only. The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T21:48:45.809Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-authbp-qwCX8D4v",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
}
],
"source": {
"advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
"defects": [
"CSCws33583"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20133",
"datePublished": "2026-02-25T16:13:56.017Z",
"dateReserved": "2025-10-08T11:59:15.380Z",
"dateUpdated": "2026-03-20T21:48:45.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20128 (GCVE-0-2026-20128)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-03-20 21:47
VLAI?
EPSS
Title
Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
Summary
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.
This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.
Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.
Severity ?
7.5 (High)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.5.1.0.2 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.3.3.0.18 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.3.4.1.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.6.2.0.4 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.3.5.0.7 Affected: 20.6.3.0.2 Affected: 20.9.1EFT2 Affected: 20.3.6 Affected: 20.3.7 Affected: 20.4.2.3 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.3.3.2 Affected: 20.3.7.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.1.3.1 Affected: 20.6.5.1.4 Affected: 20.3.8 Affected: 20.12.501 Affected: 26.1.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T05:01:16.162532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T13:50:28.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "26.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.\r\n\r\nThis vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.\r\nNote: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133, CVE-2026-20126, and CVE-2026-20129.\r\n\r\nIn March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only. The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T21:47:33.415Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-authbp-qwCX8D4v",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
}
],
"source": {
"advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
"defects": [
"CSCws33585"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20128",
"datePublished": "2026-02-25T16:14:12.353Z",
"dateReserved": "2025-10-08T11:59:15.379Z",
"dateUpdated": "2026-03-20T21:47:33.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20126 (GCVE-0-2026-20126)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:13 – Updated: 2026-03-20 21:48
VLAI?
EPSS
Title
Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
Summary
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system.
This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.
Severity ?
8.8 (High)
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:56:09.308176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:06.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system.\r\n\r\nThis vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to\u0026nbsp;gain root privileges on the underlying operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133, CVE-2026-20126, and CVE-2026-20129.\r\n\r\nIn March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only. The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "Incorrect Use of Privileged APIs",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T21:48:28.435Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-authbp-qwCX8D4v",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
}
],
"source": {
"advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
"defects": [
"CSCws93470"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20126",
"datePublished": "2026-02-25T16:13:58.856Z",
"dateReserved": "2025-10-08T11:59:15.378Z",
"dateUpdated": "2026-03-20T21:48:28.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…