CVE-2026-20122

Warnung

Medienbericht

EPSS 1.74%
Veröffentlicht 25.02.2026 16:14:21
Zuletzt bearbeitet 21.04.2026 11:59:56
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.

This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

Betroffene Produkte Warnungen 3 Metriken 3 CWE 1 Referenzen 10

NVD 5 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Catalyst Sd-wan Manager Version < 20.9.8.2

Cisco ≫ Catalyst Sd-wan Manager Version >= 20.10 < 20.12.5.3

Cisco ≫ Catalyst Sd-wan Manager Version >= 20.13 < 20.15.4.2

Cisco ≫ Catalyst Sd-wan Manager Version >= 20.16 < 20.18.2.1

Cisco ≫ Catalyst Sd-wan Manager Version20.12.6

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

20.04.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability

Schwachstelle

Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

Beschreibung

Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Erforderliche Maßnahmen

26.02.2026:

https://cert.europa.eu/publications/security-advisories/2026-002/

26.02.2026:

https://www.cert.at/de/warnungen/2026/2/kritische-sicherheitslucken-in-cisco-catalyst-sd-wan-aktiv-ausgenutzt-updates-verfugbar

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.74%	0.827

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
psirt@cisco.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-648 Incorrect Use of Privileged APIs

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.

https://thehackernews.com/2026/05/cisa-adds-cisco-sd-wan-cve-2026-20182.html

Media Report

https://www.bleepingcomputer.com/news/security/cisa-flags-new-sd-wan-flaw-as-actively-exploited-in-attacks/

Media Report

https://www.heise.de/news/Angriffe-auf-Cisco-SD-WAN-Zimbra-TeamCity-PaperCut-und-mehr-beobachtet-11265225.html

Media Report

https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html

Media Report

https://www.heise.de/news/Cisco-Angreifer-dringen-seit-drei-Jahren-ueber-Sicherheitsluecke-in-Netzwerke-ein-11190480.html

Media Report

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v

Vendor Advisory