5.4

CVE-2026-20210

Medienbericht

Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system.

This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoCatalyst Sd-wan Manager Version < 20.9.9.1
CiscoCatalyst Sd-wan Manager Version >= 20.10 < 20.12.5.4
CiscoCatalyst Sd-wan Manager Version >= 20.12.6 < 20.12.6.2
CiscoCatalyst Sd-wan Manager Version >= 20.13 < 20.15.4.4
CiscoCatalyst Sd-wan Manager Version >= 20.15.5 < 20.15.5.2
CiscoCatalyst Sd-wan Manager Version >= 20.16 < 20.18.2.2
CiscoCatalyst Sd-wan Manager Version >= 26.1 < 26.1.1.1
CiscoCatalyst Sd-wan Manager Version20.12.7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.093
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@cisco.com 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE-779 Logging of Excessive Data

The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
15.05.2026 09:08
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
Not Applicable
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-mltvnps2-JxpWm7R
Vendor Advisory