9.8
CVE-2026-20129
- EPSS 0.07%
- Veröffentlicht 25.02.2026 16:14:09
- Zuletzt bearbeitet 04.03.2026 21:16:28
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Catayst SD-WAN Authentication Bypass Vulnerability
A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Catalyst Sd-wan Manager Version < 20.9.8.2
Cisco ≫ Catalyst Sd-wan Manager Version >= 20.11 < 20.12.5.3
Cisco ≫ Catalyst Sd-wan Manager Version >= 20.13 < 20.15.4.2
Cisco ≫ Catalyst Sd-wan Manager Version >= 20.16 < 20.18
Cisco ≫ Catalyst Sd-wan Manager Version20.12.6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.219 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.