Cisco Catalyst SD-WAN Vulnerabilities

Created on 2026-02-25 16:34, updated on 2026-02-25 16:34, by Alexandre Dulaunoy
JSON
Description

Cisco Catalyst SD-WAN Vulnerabilities

  • These vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability.

    Details about the vulnerabilities are as follows:

    CVE-2026-20129: Cisco Catalyst SD-WAN Manager Authentication Bypass Vulnerability

    A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role.

    The vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role.

    Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    Bug ID(s): CSCws33587
    CVE ID: CVE-2026-20129
    Security Impact Rating (SIR): Critical
    CVSS Base Score: 9.8
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    CVE-2026-20126: Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability

    A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system.

    This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    Bug ID(s): CSCws93470
    CVE ID: CVE-2026-20126
    Security Impact Rating (SIR): High
    CVSS Base Score: 7.8
    CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    CVE-2026-20133: Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability

    A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system.

    This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    Bug ID(s): CSCws33583
    CVE ID: CVE-2026-20133
    Security Impact Rating (SIR): High
    CVSS Base Score: 7.5
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

    CVE-2026-20122: Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability

    A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.

    This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    Bug ID(s): CSCws33584, CSCws33586
    CVE ID: CVE-2026-20122
    Security Impact Rating (SIR): High
    CVSS Base Score: 7.1
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

    CVE-2026-20128: Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability

    A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system.

    This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.

    Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

    Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

    Bug ID(s): CSCws33585
    CVE ID: CVE-2026-20128
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 5.5
    CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnerabilities included in this bundle
Meta
[
  {
    "ref": [
      "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
    ]
  }
]
Combined detection rules

Detection rules are retrieved from Rulezet.

Combined sightings
Author Vulnerability Source Type Date