5.4
CVE-2026-20210
- EPSS 0.19%
- Veröffentlicht 14.05.2026 16:08:46
- Zuletzt bearbeitet 29.06.2026 17:35:57
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Catalyst Sd-wan Manager Version < 20.9.9.1
Cisco ≫ Catalyst Sd-wan Manager Version >= 20.10 < 20.12.5.4
Cisco ≫ Catalyst Sd-wan Manager Version >= 20.12.6 < 20.12.6.2
Cisco ≫ Catalyst Sd-wan Manager Version >= 20.13 < 20.15.4.4
Cisco ≫ Catalyst Sd-wan Manager Version >= 20.15.5 < 20.15.5.2
Cisco ≫ Catalyst Sd-wan Manager Version >= 20.16 < 20.18.2.2
Cisco ≫ Catalyst Sd-wan Manager Version >= 26.1 < 26.1.1.1
Cisco ≫ Catalyst Sd-wan Manager Version20.12.7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.093 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
CWE-779 Logging of Excessive Data
The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-mltvnps2-JxpWm7R