CVE-2026-20209

Medienbericht

EPSS 0.03%
Veröffentlicht 14.05.2026 16:08:26
Zuletzt bearbeitet 14.05.2026 17:19:57
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user.

This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCisco

≫

Produkt Cisco Catalyst SD-WAN Manager

Default Statusunknown

Version 20.1.12

Status affected

Version 19.2.1

Status affected

Version 18.4.4

Status affected

Version 18.4.5

Status affected

Version 20.1.1.1

Status affected

Version 20.1.1

Status affected

Version 19.3.0

Status affected

Version 19.2.2

Status affected

Version 19.2.099

Status affected

Version 18.3.6

Status affected

Version 18.3.7

Status affected

Version 19.2.0

Status affected

Version 18.3.8

Status affected

Version 19.0.0

Status affected

Version 19.1.0

Status affected

Version 18.4.302

Status affected

Version 18.4.303

Status affected

Version 19.2.097

Status affected

Version 19.2.098

Status affected

Version 17.2.10

Status affected

Version 18.3.6.1

Status affected

Version 19.0.1a

Status affected

Version 18.2.0

Status affected

Version 18.4.3

Status affected

Version 18.4.1

Status affected

Version 17.2.8

Status affected

Version 18.3.3.1

Status affected

Version 18.4.0

Status affected

Version 18.3.1

Status affected

Version 17.2.6

Status affected

Version 17.2.9

Status affected

Version 18.3.4

Status affected

Version 17.2.5

Status affected

Version 18.3.1.1

Status affected

Version 18.3.5

Status affected

Version 18.4.0.1

Status affected

Version 18.3.3

Status affected

Version 17.2.7

Status affected

Version 17.2.4

Status affected

Version 18.3.0

Status affected

Version 19.2.3

Status affected

Version 18.4.501_ES

Status affected

Version 20.3.1

Status affected

Version 20.1.2

Status affected

Version 19.2.929

Status affected

Version 19.2.31

Status affected

Version 20.3.2

Status affected

Version 19.2.32

Status affected

Version 20.3.2_925

Status affected

Version 20.3.2.1

Status affected

Version 20.3.2.1_927

Status affected

Version 18.4.6

Status affected

Version 20.1.2_937

Status affected

Version 20.4.1

Status affected

Version 20.3.2_928

Status affected

Version 20.3.2_929

Status affected

Version 20.4.1.0.1

Status affected

Version 20.3.2.1_930

Status affected

Version 19.2.4

Status affected

Version 20.5.0.1.1

Status affected

Version 20.4.1.1

Status affected

Version 20.3.3

Status affected

Version 19.2.4.0.1

Status affected

Version 20.3.2_937

Status affected

Version 20.3.3.1

Status affected

Version 20.5.1

Status affected

Version 20.1.3

Status affected

Version 20.3.3.0.4

Status affected

Version 20.3.3.1.2

Status affected

Version 20.3.3.1.1

Status affected

Version 20.4.1.2

Status affected

Version 20.3.3.0.2

Status affected

Version 20.4.1.1.5

Status affected

Version 20.4.1.0.01

Status affected

Version 20.4.1.0.02

Status affected

Version 20.3.3.1.7

Status affected

Version 20.3.3.1.5

Status affected

Version 20.5.1.0.1

Status affected

Version 20.3.3.1.10

Status affected

Version 20.3.3.0.8

Status affected

Version 20.4.2

Status affected

Version 20.4.2.0.1

Status affected

Version 20.3.4

Status affected

Version 20.3.3.0.14

Status affected

Version 19.2.4.0.8

Status affected

Version 19.2.4.0.9

Status affected

Version 20.3.4.0.1

Status affected

Version 20.3.2.0.5

Status affected

Version 20.6.1

Status affected

Version 20.5.1.0.2

Status affected

Version 20.3.3.0.17

Status affected

Version 20.6.1.1

Status affected

Version 20.6.0.18.3

Status affected

Version 20.3.2.0.6

Status affected

Version 20.6.0.18.4

Status affected

Version 20.4.2.0.2

Status affected

Version 20.3.3.0.16

Status affected

Version 20.3.4.0.5

Status affected

Version 20.6.1.0.1

Status affected

Version 20.3.4.0.6

Status affected

Version 20.6.2

Status affected

Version 20.7.1EFT2

Status affected

Version 20.3.4.0.9

Status affected

Version 20.3.4.0.11

Status affected

Version 20.4.2.0.4

Status affected

Version 20.3.3.0.18

Status affected

Version 20.7.1

Status affected

Version 20.6.2.1

Status affected

Version 20.3.4.1

Status affected

Version 20.5.1.1

Status affected

Version 20.4.2.1

Status affected

Version 20.4.2.1.1

Status affected

Version 20.3.4.1.1

Status affected

Version 20.3.813

Status affected

Version 20.3.4.0.19

Status affected

Version 20.4.2.2.1

Status affected

Version 20.5.1.2

Status affected

Version 20.3.4.2

Status affected

Version 20.3.814

Status affected

Version 20.4.2.2

Status affected

Version 20.6.2.2

Status affected

Version 20.3.4.2.1

Status affected

Version 20.7.1.1

Status affected

Version 20.3.4.1.2

Status affected

Version 20.6.2.2.2

Status affected

Version 20.3.4.0.20

Status affected

Version 20.6.2.2.3

Status affected

Version 20.4.2.2.2

Status affected

Version 20.3.5

Status affected

Version 20.6.2.0.4

Status affected

Version 20.4.2.2.3

Status affected

Version 20.3.4.0.24

Status affected

Version 20.6.2.2.7

Status affected

Version 20.6.3

Status affected

Version 20.3.4.2.2

Status affected

Version 20.4.2.2.4

Status affected

Version 20.7.1.0.2

Status affected

Version 20.8.1

Status affected

Version 20.3.5.0.8

Status affected

Version 20.3.5.0.9

Status affected

Version 20.4.2.2.8

Status affected

Version 20.3.5.0.7

Status affected

Version 20.6.3.0.7

Status affected

Version 20.6.3.0.5

Status affected

Version 20.6.3.0.10

Status affected

Version 20.6.3.0.2

Status affected

Version 20.7.2

Status affected

Version 20.9.1EFT2

Status affected

Version 20.6.3.0.11

Status affected

Version 20.6.3.1

Status affected

Version 20.6.3.0.14

Status affected

Version 20.6.4

Status affected

Version 20.9.1

Status affected

Version 20.6.3.0.19

Status affected

Version 20.6.3.0.18

Status affected

Version 20.3.6

Status affected

Version 20.9.1.1

Status affected

Version 20.6.3.0.23

Status affected

Version 20.6.4.0.4

Status affected

Version 20.6.3.0.25

Status affected

Version 20.6.5

Status affected

Version 20.6.3.0.27

Status affected

Version 20.9.2

Status affected

Version 20.9.2.1

Status affected

Version 20.6.3.0.29

Status affected

Version 20.6.3.0.31

Status affected

Version 20.6.3.0.32

Status affected

Version 20.10.1

Status affected

Version 20.6.3.0.33

Status affected

Version 20.9.2.0.01

Status affected

Version 20.9.1_LI_Images

Status affected

Version 20.10.1_LI_Images

Status affected

Version 20.9.2_LI_Images

Status affected

Version 20.3.7

Status affected

Version 20.9.3

Status affected

Version 20.6.5.1

Status affected

Version 20.11.1

Status affected

Version 20.11.1_LI_Images

Status affected

Version 20.9.3_LI_ Images

Status affected

Version 20.6.3.1.1

Status affected

Version 20.9.3.0.2

Status affected

Version 20.6.5.1.2

Status affected

Version 20.9.3.0.3

Status affected

Version 20.4.2.3

Status affected

Version 20.6.3.2

Status affected

Version 20.6.4.1

Status affected

Version 20.6.3.0.38

Status affected

Version 20.6.3.0.39

Status affected

Version 20.3.5.1

Status affected

Version 20.3.4.3

Status affected

Version 20.9.3.1

Status affected

Version 20.3.3.2

Status affected

Version 20.6.5.2

Status affected

Version 20.3.7.1

Status affected

Version 20.10.1.1

Status affected

Version 20.6.5.2.1

Status affected

Version 20.3.4.0.25

Status affected

Version 20.6.2.2.4

Status affected

Version 20.6.1.2

Status affected

Version 20.11.1.1

Status affected

Version 20.9.3.0.5

Status affected

Version 20.3.4.0.26

Status affected

Version 20.6.5.1.3

Status affected

Version 20.6.3.0.40

Status affected

Version 20.1.3.1

Status affected

Version 20.9.2.2

Status affected

Version 20.6.5.2.3

Status affected

Version 20.6.5.1.4

Status affected

Version 20.6.5.3

Status affected

Version 20.6.3.0.41

Status affected

Version 20.9.3.0.7

Status affected

Version 20.6.5.1.5

Status affected

Version 20.9.3.0.4

Status affected

Version 20.6.4.0.19

Status affected

Version 20.6.5.1.6

Status affected

Version 20.9.3.0.8

Status affected

Version 20.6.3.3

Status affected

Version 20.3.7.2

Status affected

Version 20.6.5.4

Status affected

Version 20.6.5.1.7

Status affected

Version 20.9.3.0.12

Status affected

Version 20.6.4.2

Status affected

Version 20.6.5.5

Status affected

Version 20.9.3.2

Status affected

Version 20.11.1.2

Status affected

Version 20.6.3.4

Status affected

Version 20.10.1.2

Status affected

Version 20.6.5.1.9

Status affected

Version 20.9.3.0.16

Status affected

Version 20.6.3.0.45

Status affected

Version 20.6.5.1.10

Status affected

Version 20.9.3.0.17

Status affected

Version 20.6.5.2.4

Status affected

Version 20.6.4.0.21

Status affected

Version 20.9.3.0.18

Status affected

Version 20.6.3.0.46

Status affected

Version 20.6.3.0.47

Status affected

Version 20.9.2.3

Status affected

Version 20.9.3.2_LI_Images

Status affected

Version 20.9.3.0.21

Status affected

Version 20.9.3.0.20

Status affected

Version 20.9.4_LI_Images

Status affected

Version 20.9.4

Status affected

Version 20.6.5.1.11

Status affected

Version 20.12.1

Status affected

Version 20.12.1_LI_Images

Status affected

Version 20.6.5.1.13

Status affected

Version 20.9.3.0.23

Status affected

Version 20.6.5.2.8

Status affected

Version 20.9.4.1

Status affected

Version 20.9.4.1_LI_Images

Status affected

Version 20.9.3.0.25

Status affected

Version 20.9.3.0.24

Status affected

Version 20.6.5.1.14

Status affected

Version 20.3.8

Status affected

Version 20.6.6

Status affected

Version 20.9.3.0.26

Status affected

Version 20.6.3.0.51

Status affected

Version 20.9.3.0.29

Status affected

Version 20.12.2

Status affected

Version 20.12.2_LI_Images

Status affected

Version 20.6.6.0.1

Status affected

Version 20.13.1_LI_Images

Status affected

Version 20.9.4.0.4

Status affected

Version 20.13.1

Status affected

Version 20.9.4.1.1

Status affected

Version 20.9.5

Status affected

Version 20.9.5_LI_Images

Status affected

Version 20.12.3_LI_Images

Status affected

Version 20.12.3

Status affected

Version 20.9.4.1.3

Status affected

Version 20.6.7

Status affected

Version 20.9.5.1

Status affected

Version 20.9.5.1_LI_Images

Status affected

Version 20.9.4.1.6

Status affected

Version 20.14.1

Status affected

Version 20.14.1_LI_Images

Status affected

Version 20.9.5.2

Status affected

Version 20.9.5.2.1

Status affected

Version 20.9.5.2_LI_Images

Status affected

Version 20.12.3.1

Status affected

Version 20.12.4

Status affected

Version 20.15.1_LI_Images

Status affected

Version 20.15.1

Status affected

Version 20.9.5.1.4

Status affected

Version 20.9.5.2.7

Status affected

Version 20.9.5.2.13

Status affected

Version 20.9.6

Status affected

Version 20.9.6_LI_Images

Status affected

Version 20.9.5.2.14

Status affected

Version 20.6.8

Status affected

Version 20.12.4.0.03

Status affected

Version 20.16.1

Status affected

Version 20.16.1_LI_Images

Status affected

Version 20.12.4_LI_Images

Status affected

Version 20.9.5.2.16

Status affected

Version 20.12.4.0.4

Status affected

Version 20.12.401

Status affected

Version 20.9.5.3

Status affected

Version 20.9.5.3_LI_Images

Status affected

Version 20.12.4.1_LI_Images

Status affected

Version 20.12.4.1

Status affected

Version 20.9.5.2.21

Status affected

Version 20.9.6.0.3

Status affected

Version 20.12.4.0.6

Status affected

Version 20.15.2_LI_Images

Status affected

Version 20.15.2

Status affected

Version 20.12.4_Monthly_ES5

Status affected

Version 20.12.5

Status affected

Version 20.12.5_LI_Images

Status affected

Version 20.9.7_LI _Images

Status affected

Version 20.9.7

Status affected

Version 20.15.3

Status affected

Version 20.15.3_ LI _Images

Status affected

Version 20.12.501

Status affected

Version 20.12.5.1_LI_Images

Status affected

Version 20.12.5.1

Status affected

Version 20.12.5.2_LI_Images

Status affected

Version 20.12.5.2

Status affected

Version 20.15.3.1

Status affected

Version 20.15.4_LI_Images

Status affected

Version 20.15.4

Status affected

Version 20.9.7.1_LI _Images

Status affected

Version 20.9.7.1

Status affected

Version 20.18.1

Status affected

Version 20.18.1_LI_Images

Status affected

Version 20.12.6_LI_Images

Status affected

Version 20.12.6

Status affected

Version 20.12.5.1.01

Status affected

Version 26.0.1

Status affected

Version 20.9.8

Status affected

Version 20.9.8_LI_Images

Status affected

Version 20.18.2

Status affected

Version 20.15.4.1_LI_Images

Status affected

Version 20.15.4.1

Status affected

Version 20.18.2_LI_Images

Status affected

Version 20.18.2.1_LI_Images

Status affected

Version 20.18.2.1

Status affected

Version 20.15.4.2_LI_Images

Status affected

Version 20.15.4.2

Status affected

Version 20.12.6.1

Status affected

Version 20.12.6.1_LI_Images

Status affected

Version 20.12.5.3

Status affected

Version 20.12.5.3_LI_Images

Status affected

Version 20.9.8.2_LI_Images

Status affected

Version 20.9.8.2

Status affected

Version 20.18.3

Status affected

Version 20.18.3_LI_Images

Status affected

Version 20.15.5

Status affected

Version 20.15.5_LI_Images

Status affected

Version 20.12.7

Status affected

Version 20.12.7_LI_Images

Status affected

Version 20.9.9

Status affected

Version 20.9.9_LI_Images

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.076

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-779 Logging of Excessive Data

The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

https://www.heise.de/news/Jetzt-patchen-Angreifer-attackieren-Cisco-Catalyst-SD-WAN-Controller-11294491.html

Media Report

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-mltvnps2-JxpWm7R

https://nvd.nist.gov/vuln/detail/CVE-2026-20209

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20209

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20209

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-20209