CVE-2026-20122 (GCVE-0-2026-20122)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-04-21 03:55
VLAI?
CISA KEV
Title
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
Summary
A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.
This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.
Severity ?
5.4 (Medium)
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 17.2.4 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2_925 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.1.2_937 Affected: 20.4.1 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.3.3.1 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.01 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.4.2.0.1 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.6.1 Affected: 20.5.1.0.2 Affected: 20.3.3.0.17 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.3.4.0.5 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.6.2 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.4.2.0.4 Affected: 20.3.3.0.18 Affected: 20.7.1 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.5.1.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.4.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.7.1.1 Affected: 20.3.4.1.2 Affected: 20.6.2.2.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.3.5 Affected: 20.6.2.0.4 Affected: 20.4.2.2.3 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.6.3 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.7.1.0.2 Affected: 20.8.1 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.4.2.2.8 Affected: 20.3.5.0.7 Affected: 20.6.3.0.7 Affected: 20.6.3.0.5 Affected: 20.6.3.0.10 Affected: 20.6.3.0.2 Affected: 20.7.2 Affected: 20.9.1EFT2 Affected: 20.6.3.0.11 Affected: 20.6.3.1 Affected: 20.6.3.0.14 Affected: 20.6.4 Affected: 20.9.1 Affected: 20.6.3.0.19 Affected: 20.6.3.0.18 Affected: 20.3.6 Affected: 20.9.1.1 Affected: 20.6.3.0.23 Affected: 20.6.4.0.4 Affected: 20.6.3.0.25 Affected: 20.6.5 Affected: 20.6.3.0.27 Affected: 20.9.2 Affected: 20.9.2.1 Affected: 20.6.3.0.29 Affected: 20.6.3.0.31 Affected: 20.6.3.0.32 Affected: 20.10.1 Affected: 20.6.3.0.33 Affected: 20.9.2.0.01 Affected: 20.9.1_LI_Images Affected: 20.10.1_LI_Images Affected: 20.9.2_LI_Images Affected: 20.3.7 Affected: 20.9.3 Affected: 20.6.5.1 Affected: 20.11.1 Affected: 20.11.1_LI_Images Affected: 20.9.3_LI_ Images Affected: 20.6.3.1.1 Affected: 20.9.3.0.2 Affected: 20.6.5.1.2 Affected: 20.9.3.0.3 Affected: 20.4.2.3 Affected: 20.6.3.2 Affected: 20.6.4.1 Affected: 20.6.3.0.38 Affected: 20.6.3.0.39 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.9.3.1 Affected: 20.3.3.2 Affected: 20.6.5.2 Affected: 20.3.7.1 Affected: 20.10.1.1 Affected: 20.6.5.2.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.11.1.1 Affected: 20.9.3.0.5 Affected: 20.3.4.0.26 Affected: 20.6.5.1.3 Affected: 20.6.3.0.40 Affected: 20.1.3.1 Affected: 20.9.2.2 Affected: 20.6.5.2.3 Affected: 20.6.5.1.4 Affected: 20.6.5.3 Affected: 20.6.3.0.41 Affected: 20.9.3.0.7 Affected: 20.6.5.1.5 Affected: 20.9.3.0.4 Affected: 20.6.4.0.19 Affected: 20.6.5.1.6 Affected: 20.9.3.0.8 Affected: 20.6.3.3 Affected: 20.3.7.2 Affected: 20.6.5.4 Affected: 20.6.5.1.7 Affected: 20.9.3.0.12 Affected: 20.6.4.2 Affected: 20.6.5.5 Affected: 20.9.3.2 Affected: 20.11.1.2 Affected: 20.6.3.4 Affected: 20.10.1.2 Affected: 20.6.5.1.9 Affected: 20.9.3.0.16 Affected: 20.6.3.0.45 Affected: 20.6.5.1.10 Affected: 20.9.3.0.17 Affected: 20.6.5.2.4 Affected: 20.6.4.0.21 Affected: 20.9.3.0.18 Affected: 20.6.3.0.46 Affected: 20.6.3.0.47 Affected: 20.9.2.3 Affected: 20.9.3.2_LI_Images Affected: 20.9.3.0.21 Affected: 20.9.3.0.20 Affected: 20.9.4_LI_Images Affected: 20.9.4 Affected: 20.6.5.1.11 Affected: 20.12.1 Affected: 20.12.1_LI_Images Affected: 20.6.5.1.13 Affected: 20.9.3.0.23 Affected: 20.6.5.2.8 Affected: 20.9.4.1 Affected: 20.9.4.1_LI_Images Affected: 20.9.3.0.25 Affected: 20.9.3.0.24 Affected: 20.6.5.1.14 Affected: 20.3.8 Affected: 20.6.6 Affected: 20.9.3.0.26 Affected: 20.6.3.0.51 Affected: 20.9.3.0.29 Affected: 20.12.2 Affected: 20.12.2_LI_Images Affected: 20.6.6.0.1 Affected: 20.13.1_LI_Images Affected: 20.9.4.0.4 Affected: 20.13.1 Affected: 20.9.4.1.1 Affected: 20.9.5 Affected: 20.9.5_LI_Images Affected: 20.12.3_LI_Images Affected: 20.12.3 Affected: 20.9.4.1.3 Affected: 20.6.7 Affected: 20.9.5.1 Affected: 20.9.5.1_LI_Images Affected: 20.9.4.1.6 Affected: 20.14.1 Affected: 20.14.1_LI_Images Affected: 20.9.5.2 Affected: 20.9.5.2.1 Affected: 20.9.5.2_LI_Images Affected: 20.12.3.1 Affected: 20.12.4 Affected: 20.15.1_LI_Images Affected: 20.15.1 Affected: 20.9.5.1.4 Affected: 20.9.5.2.7 Affected: 20.9.5.2.13 Affected: 20.9.6 Affected: 20.9.6_LI_Images Affected: 20.9.5.2.14 Affected: 20.6.8 Affected: 20.12.4.0.03 Affected: 20.16.1 Affected: 20.16.1_LI_Images Affected: 20.12.4_LI_Images Affected: 20.9.5.2.16 Affected: 20.12.4.0.4 Affected: 20.12.401 Affected: 20.9.5.3 Affected: 20.9.5.3_LI_Images Affected: 20.12.4.1_LI_Images Affected: 20.12.4.1 Affected: 20.9.5.2.21 Affected: 20.9.6.0.3 Affected: 20.12.4.0.6 Affected: 20.15.2_LI_Images Affected: 20.15.2 Affected: 20.12.4_Monthly_ES5 Affected: 20.12.5 Affected: 20.12.5_LI_Images Affected: 20.9.7_LI _Images Affected: 20.9.7 Affected: 20.15.3 Affected: 20.15.3_ LI _Images Affected: 20.12.501 Affected: 20.12.5.1_LI_Images Affected: 20.12.5.1 Affected: 20.12.5.2_LI_Images Affected: 20.12.5.2 Affected: 20.15.3.1 Affected: 20.15.4_LI_Images Affected: 20.15.4 Affected: 20.9.7.1_LI _Images Affected: 20.9.7.1 Affected: 20.18.1 Affected: 20.18.1_LI_Images Affected: 20.12.6_LI_Images Affected: 20.12.6 Affected: 20.12.5.1.01 Affected: 20.9.8 Affected: 20.9.8_LI_Images Affected: 20.18.2 Affected: 20.15.4.1_LI_Images Affected: 20.15.4.1 Affected: 20.18.2_LI_Images |
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: e1228312-271a-42cb-9474-847cdc1a1e8e
Exploited: Yes
Timestamps
First Seen: 2026-04-20
Asserted: 2026-04-20
Scope
Notes: KEV entry: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability | Affected: Cisco / Catalyst SD-WAN Manger | Description: Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges. | Required action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. | Due date: 2026-04-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/ CVE-2026-20122
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-648 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Catalyst SD-WAN Manger |
| Due Date | 2026-04-23 |
| Date Added | 2026-04-20 |
| Vendorproject | Cisco |
| Vulnerabilityname | Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-04-20 20:00 UTC
| Updated: 2026-04-20 20:00 UTC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20122",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20122"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T03:55:33.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20122"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-20T00:00:00.000Z",
"value": "CVE-2026-20122 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "17.2.4"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2_925"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.1.2_937"
},
{
"status": "affected",
"version": "20.4.1"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.3.3.1"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.01"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.4.2.0.1"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.6.1"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.17"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.3.4.0.5"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.6.2"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.4.2.0.4"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.7.1"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.5.1.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.4.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.7.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.6.2.2.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.3.5"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.4.2.2.3"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.6.3"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.7.1.0.2"
},
{
"status": "affected",
"version": "20.8.1"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.4.2.2.8"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.5"
},
{
"status": "affected",
"version": "20.6.3.0.10"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.7.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.6.3.0.11"
},
{
"status": "affected",
"version": "20.6.3.1"
},
{
"status": "affected",
"version": "20.6.3.0.14"
},
{
"status": "affected",
"version": "20.6.4"
},
{
"status": "affected",
"version": "20.9.1"
},
{
"status": "affected",
"version": "20.6.3.0.19"
},
{
"status": "affected",
"version": "20.6.3.0.18"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.9.1.1"
},
{
"status": "affected",
"version": "20.6.3.0.23"
},
{
"status": "affected",
"version": "20.6.4.0.4"
},
{
"status": "affected",
"version": "20.6.3.0.25"
},
{
"status": "affected",
"version": "20.6.5"
},
{
"status": "affected",
"version": "20.6.3.0.27"
},
{
"status": "affected",
"version": "20.9.2"
},
{
"status": "affected",
"version": "20.9.2.1"
},
{
"status": "affected",
"version": "20.6.3.0.29"
},
{
"status": "affected",
"version": "20.6.3.0.31"
},
{
"status": "affected",
"version": "20.6.3.0.32"
},
{
"status": "affected",
"version": "20.10.1"
},
{
"status": "affected",
"version": "20.6.3.0.33"
},
{
"status": "affected",
"version": "20.9.2.0.01"
},
{
"status": "affected",
"version": "20.9.1_LI_Images"
},
{
"status": "affected",
"version": "20.10.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.2_LI_Images"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.9.3"
},
{
"status": "affected",
"version": "20.6.5.1"
},
{
"status": "affected",
"version": "20.11.1"
},
{
"status": "affected",
"version": "20.11.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3_LI_ Images"
},
{
"status": "affected",
"version": "20.6.3.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.2"
},
{
"status": "affected",
"version": "20.6.5.1.2"
},
{
"status": "affected",
"version": "20.9.3.0.3"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.6.3.2"
},
{
"status": "affected",
"version": "20.6.4.1"
},
{
"status": "affected",
"version": "20.6.3.0.38"
},
{
"status": "affected",
"version": "20.6.3.0.39"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.9.3.1"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.6.5.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.10.1.1"
},
{
"status": "affected",
"version": "20.6.5.2.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.11.1.1"
},
{
"status": "affected",
"version": "20.9.3.0.5"
},
{
"status": "affected",
"version": "20.3.4.0.26"
},
{
"status": "affected",
"version": "20.6.5.1.3"
},
{
"status": "affected",
"version": "20.6.3.0.40"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.9.2.2"
},
{
"status": "affected",
"version": "20.6.5.2.3"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.6.5.3"
},
{
"status": "affected",
"version": "20.6.3.0.41"
},
{
"status": "affected",
"version": "20.9.3.0.7"
},
{
"status": "affected",
"version": "20.6.5.1.5"
},
{
"status": "affected",
"version": "20.9.3.0.4"
},
{
"status": "affected",
"version": "20.6.4.0.19"
},
{
"status": "affected",
"version": "20.6.5.1.6"
},
{
"status": "affected",
"version": "20.9.3.0.8"
},
{
"status": "affected",
"version": "20.6.3.3"
},
{
"status": "affected",
"version": "20.3.7.2"
},
{
"status": "affected",
"version": "20.6.5.4"
},
{
"status": "affected",
"version": "20.6.5.1.7"
},
{
"status": "affected",
"version": "20.9.3.0.12"
},
{
"status": "affected",
"version": "20.6.4.2"
},
{
"status": "affected",
"version": "20.6.5.5"
},
{
"status": "affected",
"version": "20.9.3.2"
},
{
"status": "affected",
"version": "20.11.1.2"
},
{
"status": "affected",
"version": "20.6.3.4"
},
{
"status": "affected",
"version": "20.10.1.2"
},
{
"status": "affected",
"version": "20.6.5.1.9"
},
{
"status": "affected",
"version": "20.9.3.0.16"
},
{
"status": "affected",
"version": "20.6.3.0.45"
},
{
"status": "affected",
"version": "20.6.5.1.10"
},
{
"status": "affected",
"version": "20.9.3.0.17"
},
{
"status": "affected",
"version": "20.6.5.2.4"
},
{
"status": "affected",
"version": "20.6.4.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.18"
},
{
"status": "affected",
"version": "20.6.3.0.46"
},
{
"status": "affected",
"version": "20.6.3.0.47"
},
{
"status": "affected",
"version": "20.9.2.3"
},
{
"status": "affected",
"version": "20.9.3.2_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.21"
},
{
"status": "affected",
"version": "20.9.3.0.20"
},
{
"status": "affected",
"version": "20.9.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.4"
},
{
"status": "affected",
"version": "20.6.5.1.11"
},
{
"status": "affected",
"version": "20.12.1"
},
{
"status": "affected",
"version": "20.12.1_LI_Images"
},
{
"status": "affected",
"version": "20.6.5.1.13"
},
{
"status": "affected",
"version": "20.9.3.0.23"
},
{
"status": "affected",
"version": "20.6.5.2.8"
},
{
"status": "affected",
"version": "20.9.4.1"
},
{
"status": "affected",
"version": "20.9.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.3.0.25"
},
{
"status": "affected",
"version": "20.9.3.0.24"
},
{
"status": "affected",
"version": "20.6.5.1.14"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.6.6"
},
{
"status": "affected",
"version": "20.9.3.0.26"
},
{
"status": "affected",
"version": "20.6.3.0.51"
},
{
"status": "affected",
"version": "20.9.3.0.29"
},
{
"status": "affected",
"version": "20.12.2"
},
{
"status": "affected",
"version": "20.12.2_LI_Images"
},
{
"status": "affected",
"version": "20.6.6.0.1"
},
{
"status": "affected",
"version": "20.13.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.0.4"
},
{
"status": "affected",
"version": "20.13.1"
},
{
"status": "affected",
"version": "20.9.4.1.1"
},
{
"status": "affected",
"version": "20.9.5"
},
{
"status": "affected",
"version": "20.9.5_LI_Images"
},
{
"status": "affected",
"version": "20.12.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.3"
},
{
"status": "affected",
"version": "20.9.4.1.3"
},
{
"status": "affected",
"version": "20.6.7"
},
{
"status": "affected",
"version": "20.9.5.1"
},
{
"status": "affected",
"version": "20.9.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.4.1.6"
},
{
"status": "affected",
"version": "20.14.1"
},
{
"status": "affected",
"version": "20.14.1_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2"
},
{
"status": "affected",
"version": "20.9.5.2.1"
},
{
"status": "affected",
"version": "20.9.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.3.1"
},
{
"status": "affected",
"version": "20.12.4"
},
{
"status": "affected",
"version": "20.15.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.1"
},
{
"status": "affected",
"version": "20.9.5.1.4"
},
{
"status": "affected",
"version": "20.9.5.2.7"
},
{
"status": "affected",
"version": "20.9.5.2.13"
},
{
"status": "affected",
"version": "20.9.6"
},
{
"status": "affected",
"version": "20.9.6_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.14"
},
{
"status": "affected",
"version": "20.6.8"
},
{
"status": "affected",
"version": "20.12.4.0.03"
},
{
"status": "affected",
"version": "20.16.1"
},
{
"status": "affected",
"version": "20.16.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4_LI_Images"
},
{
"status": "affected",
"version": "20.9.5.2.16"
},
{
"status": "affected",
"version": "20.12.4.0.4"
},
{
"status": "affected",
"version": "20.12.401"
},
{
"status": "affected",
"version": "20.9.5.3"
},
{
"status": "affected",
"version": "20.9.5.3_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.4.1"
},
{
"status": "affected",
"version": "20.9.5.2.21"
},
{
"status": "affected",
"version": "20.9.6.0.3"
},
{
"status": "affected",
"version": "20.12.4.0.6"
},
{
"status": "affected",
"version": "20.15.2_LI_Images"
},
{
"status": "affected",
"version": "20.15.2"
},
{
"status": "affected",
"version": "20.12.4_Monthly_ES5"
},
{
"status": "affected",
"version": "20.12.5"
},
{
"status": "affected",
"version": "20.12.5_LI_Images"
},
{
"status": "affected",
"version": "20.9.7_LI _Images"
},
{
"status": "affected",
"version": "20.9.7"
},
{
"status": "affected",
"version": "20.15.3"
},
{
"status": "affected",
"version": "20.15.3_ LI _Images"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "20.12.5.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.1"
},
{
"status": "affected",
"version": "20.12.5.2_LI_Images"
},
{
"status": "affected",
"version": "20.12.5.2"
},
{
"status": "affected",
"version": "20.15.3.1"
},
{
"status": "affected",
"version": "20.15.4_LI_Images"
},
{
"status": "affected",
"version": "20.15.4"
},
{
"status": "affected",
"version": "20.9.7.1_LI _Images"
},
{
"status": "affected",
"version": "20.9.7.1"
},
{
"status": "affected",
"version": "20.18.1"
},
{
"status": "affected",
"version": "20.18.1_LI_Images"
},
{
"status": "affected",
"version": "20.12.6_LI_Images"
},
{
"status": "affected",
"version": "20.12.6"
},
{
"status": "affected",
"version": "20.12.5.1.01"
},
{
"status": "affected",
"version": "20.9.8"
},
{
"status": "affected",
"version": "20.9.8_LI_Images"
},
{
"status": "affected",
"version": "20.18.2"
},
{
"status": "affected",
"version": "20.15.4.1_LI_Images"
},
{
"status": "affected",
"version": "20.15.4.1"
},
{
"status": "affected",
"version": "20.18.2_LI_Images"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.\r\n\r\nThis vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system\u0026nbsp;and gain vmanage user privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133, CVE-2026-20126, and CVE-2026-20129.\r\n\r\nIn March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only. The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "Incorrect Use of Privileged APIs",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T21:47:05.503Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-authbp-qwCX8D4v",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
}
],
"source": {
"advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
"defects": [
"CSCws33584"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20122",
"datePublished": "2026-02-25T16:14:21.256Z",
"dateReserved": "2025-10-08T11:59:15.377Z",
"dateUpdated": "2026-04-21T03:55:33.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2026-20122",
"cwes": "[\"CWE-648\"]",
"dateAdded": "2026-04-20",
"dueDate": "2026-04-23",
"knownRansomwareCampaignUse": "Unknown",
"notes": "CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20122",
"product": "Catalyst SD-WAN Manger",
"requiredAction": "Please adhere to CISA\u2019s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA\u2019s Emergency Directive 26-03 (URL listed below in Notes) and CISA\u2019s \u201cHunt \u0026 Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.",
"shortDescription": "Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.",
"vendorProject": "Cisco",
"vulnerabilityName": "Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability"
},
"epss": {
"cve": "CVE-2026-20122",
"date": "2026-05-02",
"epss": "0.00988",
"percentile": "0.76961"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-20122\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2026-02-25T17:25:28.170\",\"lastModified\":\"2026-04-21T11:59:56.777\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.\\r\\n\\r\\nThis vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system\u0026nbsp;and gain vmanage user privileges.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la API de Cisco Catalyst SD-WAN Manager podr\u00eda permitir a un atacante remoto y autenticado sobrescribir archivos arbitrarios en el sistema de archivos local. Para explotar esta vulnerabilidad, el atacante debe tener credenciales v\u00e1lidas de solo lectura con acceso a la API en el sistema afectado.\\n\\nEsta vulnerabilidad se debe a un manejo inadecuado de archivos en la interfaz de la API de un sistema afectado. Un atacante podr\u00eda explotar esta vulnerabilidad al cargar un archivo malicioso en el sistema de archivos local. Un exploit exitoso podr\u00eda permitir al atacante sobrescribir archivos arbitrarios en el sistema afectado y obtener privilegios de usuario de vmanage.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-648\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.9.8.2\",\"matchCriteriaId\":\"0388BD67-C1AD-4E47-8B1A-22EE1634190E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.10\",\"versionEndExcluding\":\"20.12.5.3\",\"matchCriteriaId\":\"ADAB32B5-239D-4DC0-BF30-A6D72ACB3710\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.13\",\"versionEndExcluding\":\"20.15.4.2\",\"matchCriteriaId\":\"D284EA84-6C27-4A9C-BDA2-D1C5BF1F2356\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.16\",\"versionEndExcluding\":\"20.18.2.1\",\"matchCriteriaId\":\"B94E1DC2-5DA5-4238-8040-6D524DDEAA4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5B6E170-73B8-4838-93B4-AD258F3BCA7C\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20122\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-20122\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-20T18:04:20.224638Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-04-20\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20122\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20122\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-25T18:14:22.592Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-20T00:00:00.000Z\", \"value\": \"CVE-2026-20122 added to CISA KEV\"}]}], \"cna\": {\"title\": \"Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability\", \"source\": {\"defects\": [\"CSCws33584\"], \"advisory\": \"cisco-sa-sdwan-authbp-qwCX8D4v\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Catalyst SD-WAN Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"20.1.12\"}, {\"status\": \"affected\", \"version\": \"19.2.1\"}, {\"status\": \"affected\", \"version\": \"18.4.4\"}, {\"status\": \"affected\", \"version\": \"18.4.5\"}, {\"status\": \"affected\", \"version\": \"20.1.1.1\"}, {\"status\": \"affected\", \"version\": \"20.1.1\"}, {\"status\": \"affected\", \"version\": \"19.3.0\"}, {\"status\": \"affected\", \"version\": \"19.2.2\"}, {\"status\": \"affected\", \"version\": \"19.2.099\"}, {\"status\": \"affected\", \"version\": \"18.3.6\"}, {\"status\": \"affected\", \"version\": \"18.3.7\"}, {\"status\": \"affected\", \"version\": \"19.2.0\"}, {\"status\": \"affected\", \"version\": \"18.3.8\"}, {\"status\": \"affected\", \"version\": \"19.0.0\"}, {\"status\": \"affected\", \"version\": \"19.1.0\"}, {\"status\": \"affected\", \"version\": \"18.4.302\"}, {\"status\": \"affected\", \"version\": \"18.4.303\"}, {\"status\": \"affected\", \"version\": \"19.2.097\"}, {\"status\": \"affected\", \"version\": \"19.2.098\"}, {\"status\": \"affected\", \"version\": \"17.2.10\"}, {\"status\": \"affected\", \"version\": \"18.3.6.1\"}, {\"status\": \"affected\", \"version\": \"19.0.1a\"}, {\"status\": \"affected\", \"version\": \"18.2.0\"}, {\"status\": \"affected\", \"version\": \"18.4.3\"}, {\"status\": \"affected\", \"version\": \"18.4.1\"}, {\"status\": \"affected\", \"version\": \"17.2.8\"}, {\"status\": \"affected\", \"version\": \"18.3.3.1\"}, {\"status\": \"affected\", \"version\": \"18.4.0\"}, {\"status\": \"affected\", \"version\": \"18.3.1\"}, {\"status\": \"affected\", \"version\": \"17.2.6\"}, {\"status\": \"affected\", \"version\": \"17.2.9\"}, {\"status\": \"affected\", \"version\": \"18.3.4\"}, {\"status\": \"affected\", \"version\": \"17.2.5\"}, {\"status\": \"affected\", \"version\": \"18.3.1.1\"}, {\"status\": \"affected\", \"version\": \"18.3.5\"}, {\"status\": \"affected\", \"version\": \"18.4.0.1\"}, {\"status\": \"affected\", \"version\": \"18.3.3\"}, {\"status\": \"affected\", \"version\": \"17.2.7\"}, {\"status\": \"affected\", \"version\": \"17.2.4\"}, {\"status\": \"affected\", \"version\": \"18.3.0\"}, {\"status\": \"affected\", \"version\": \"19.2.3\"}, {\"status\": \"affected\", \"version\": \"18.4.501_ES\"}, {\"status\": \"affected\", \"version\": \"20.3.1\"}, {\"status\": \"affected\", \"version\": \"20.1.2\"}, {\"status\": \"affected\", \"version\": \"19.2.929\"}, {\"status\": \"affected\", \"version\": \"19.2.31\"}, {\"status\": \"affected\", \"version\": \"20.3.2\"}, {\"status\": \"affected\", \"version\": \"19.2.32\"}, {\"status\": \"affected\", \"version\": \"20.3.2_925\"}, {\"status\": \"affected\", \"version\": \"20.3.2.1\"}, {\"status\": \"affected\", \"version\": \"20.3.2.1_927\"}, {\"status\": \"affected\", \"version\": \"18.4.6\"}, {\"status\": \"affected\", \"version\": \"20.1.2_937\"}, {\"status\": \"affected\", \"version\": \"20.4.1\"}, {\"status\": \"affected\", \"version\": \"20.3.2_928\"}, {\"status\": \"affected\", \"version\": \"20.3.2_929\"}, {\"status\": \"affected\", \"version\": \"20.4.1.0.1\"}, {\"status\": \"affected\", \"version\": \"20.3.2.1_930\"}, {\"status\": \"affected\", \"version\": \"19.2.4\"}, {\"status\": \"affected\", \"version\": \"20.5.0.1.1\"}, {\"status\": \"affected\", \"version\": \"20.4.1.1\"}, {\"status\": \"affected\", \"version\": \"20.3.3\"}, {\"status\": \"affected\", \"version\": \"19.2.4.0.1\"}, {\"status\": \"affected\", \"version\": \"20.3.2_937\"}, {\"status\": \"affected\", \"version\": \"20.3.3.1\"}, {\"status\": \"affected\", \"version\": \"20.5.1\"}, {\"status\": \"affected\", \"version\": \"20.1.3\"}, {\"status\": \"affected\", \"version\": \"20.3.3.0.4\"}, {\"status\": \"affected\", \"version\": \"20.3.3.1.2\"}, {\"status\": \"affected\", \"version\": \"20.3.3.1.1\"}, {\"status\": \"affected\", \"version\": \"20.4.1.2\"}, {\"status\": \"affected\", \"version\": \"20.3.3.0.2\"}, {\"status\": \"affected\", \"version\": \"20.4.1.1.5\"}, {\"status\": \"affected\", \"version\": \"20.4.1.0.01\"}, {\"status\": \"affected\", \"version\": \"20.4.1.0.02\"}, {\"status\": \"affected\", \"version\": \"20.3.3.1.7\"}, {\"status\": \"affected\", \"version\": \"20.3.3.1.5\"}, {\"status\": \"affected\", \"version\": \"20.5.1.0.1\"}, {\"status\": \"affected\", \"version\": \"20.3.3.1.10\"}, {\"status\": \"affected\", \"version\": \"20.3.3.0.8\"}, {\"status\": \"affected\", \"version\": \"20.4.2\"}, {\"status\": \"affected\", \"version\": \"20.4.2.0.1\"}, {\"status\": \"affected\", \"version\": \"20.3.4\"}, {\"status\": \"affected\", \"version\": \"20.3.3.0.14\"}, {\"status\": \"affected\", \"version\": \"19.2.4.0.8\"}, {\"status\": \"affected\", \"version\": \"19.2.4.0.9\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.1\"}, {\"status\": \"affected\", \"version\": \"20.3.2.0.5\"}, {\"status\": \"affected\", \"version\": \"20.6.1\"}, {\"status\": \"affected\", \"version\": \"20.5.1.0.2\"}, {\"status\": \"affected\", \"version\": \"20.3.3.0.17\"}, {\"status\": \"affected\", \"version\": \"20.6.1.1\"}, {\"status\": \"affected\", \"version\": \"20.6.0.18.3\"}, {\"status\": \"affected\", \"version\": \"20.3.2.0.6\"}, {\"status\": \"affected\", \"version\": \"20.6.0.18.4\"}, {\"status\": \"affected\", \"version\": \"20.4.2.0.2\"}, {\"status\": \"affected\", \"version\": \"20.3.3.0.16\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.5\"}, {\"status\": \"affected\", \"version\": \"20.6.1.0.1\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.6\"}, {\"status\": \"affected\", \"version\": \"20.6.2\"}, {\"status\": \"affected\", \"version\": \"20.7.1EFT2\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.9\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.11\"}, {\"status\": \"affected\", \"version\": \"20.4.2.0.4\"}, {\"status\": \"affected\", \"version\": \"20.3.3.0.18\"}, {\"status\": \"affected\", \"version\": \"20.7.1\"}, {\"status\": \"affected\", \"version\": \"20.6.2.1\"}, {\"status\": \"affected\", \"version\": \"20.3.4.1\"}, {\"status\": \"affected\", \"version\": \"20.5.1.1\"}, {\"status\": \"affected\", \"version\": \"20.4.2.1\"}, {\"status\": \"affected\", \"version\": \"20.4.2.1.1\"}, {\"status\": \"affected\", \"version\": \"20.3.4.1.1\"}, {\"status\": \"affected\", \"version\": \"20.3.813\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.19\"}, {\"status\": \"affected\", \"version\": \"20.4.2.2.1\"}, {\"status\": \"affected\", \"version\": \"20.5.1.2\"}, {\"status\": \"affected\", \"version\": \"20.3.4.2\"}, {\"status\": \"affected\", \"version\": \"20.3.814\"}, {\"status\": \"affected\", \"version\": \"20.4.2.2\"}, {\"status\": \"affected\", \"version\": \"20.6.2.2\"}, {\"status\": \"affected\", \"version\": \"20.3.4.2.1\"}, {\"status\": \"affected\", \"version\": \"20.7.1.1\"}, {\"status\": \"affected\", \"version\": \"20.3.4.1.2\"}, {\"status\": \"affected\", \"version\": \"20.6.2.2.2\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.20\"}, {\"status\": \"affected\", \"version\": \"20.6.2.2.3\"}, {\"status\": \"affected\", \"version\": \"20.4.2.2.2\"}, {\"status\": \"affected\", \"version\": \"20.3.5\"}, {\"status\": \"affected\", \"version\": \"20.6.2.0.4\"}, {\"status\": \"affected\", \"version\": \"20.4.2.2.3\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.24\"}, {\"status\": \"affected\", \"version\": \"20.6.2.2.7\"}, {\"status\": \"affected\", \"version\": \"20.6.3\"}, {\"status\": \"affected\", \"version\": \"20.3.4.2.2\"}, {\"status\": \"affected\", \"version\": \"20.4.2.2.4\"}, {\"status\": \"affected\", \"version\": \"20.7.1.0.2\"}, {\"status\": \"affected\", \"version\": \"20.8.1\"}, {\"status\": \"affected\", \"version\": \"20.3.5.0.8\"}, {\"status\": \"affected\", \"version\": \"20.3.5.0.9\"}, {\"status\": \"affected\", \"version\": \"20.4.2.2.8\"}, {\"status\": \"affected\", \"version\": \"20.3.5.0.7\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.7\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.5\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.10\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.2\"}, {\"status\": \"affected\", \"version\": \"20.7.2\"}, {\"status\": \"affected\", \"version\": \"20.9.1EFT2\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.11\"}, {\"status\": \"affected\", \"version\": \"20.6.3.1\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.14\"}, {\"status\": \"affected\", \"version\": \"20.6.4\"}, {\"status\": \"affected\", \"version\": \"20.9.1\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.19\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.18\"}, {\"status\": \"affected\", \"version\": \"20.3.6\"}, {\"status\": \"affected\", \"version\": \"20.9.1.1\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.23\"}, {\"status\": \"affected\", \"version\": \"20.6.4.0.4\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.25\"}, {\"status\": \"affected\", \"version\": \"20.6.5\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.27\"}, {\"status\": \"affected\", \"version\": \"20.9.2\"}, {\"status\": \"affected\", \"version\": \"20.9.2.1\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.29\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.31\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.32\"}, {\"status\": \"affected\", \"version\": \"20.10.1\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.33\"}, {\"status\": \"affected\", \"version\": \"20.9.2.0.01\"}, {\"status\": \"affected\", \"version\": \"20.9.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.10.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.9.2_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.3.7\"}, {\"status\": \"affected\", \"version\": \"20.9.3\"}, {\"status\": \"affected\", \"version\": \"20.6.5.1\"}, {\"status\": \"affected\", \"version\": \"20.11.1\"}, {\"status\": \"affected\", \"version\": \"20.11.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.9.3_LI_ Images\"}, {\"status\": \"affected\", \"version\": \"20.6.3.1.1\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.2\"}, {\"status\": \"affected\", \"version\": \"20.6.5.1.2\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.3\"}, {\"status\": \"affected\", \"version\": \"20.4.2.3\"}, {\"status\": \"affected\", \"version\": \"20.6.3.2\"}, {\"status\": \"affected\", \"version\": \"20.6.4.1\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.38\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.39\"}, {\"status\": \"affected\", \"version\": \"20.3.5.1\"}, {\"status\": \"affected\", \"version\": \"20.3.4.3\"}, {\"status\": \"affected\", \"version\": \"20.9.3.1\"}, {\"status\": \"affected\", \"version\": \"20.3.3.2\"}, {\"status\": \"affected\", \"version\": \"20.6.5.2\"}, {\"status\": \"affected\", \"version\": \"20.3.7.1\"}, {\"status\": \"affected\", \"version\": \"20.10.1.1\"}, {\"status\": \"affected\", \"version\": \"20.6.5.2.1\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.25\"}, {\"status\": \"affected\", \"version\": \"20.6.2.2.4\"}, {\"status\": \"affected\", \"version\": \"20.6.1.2\"}, {\"status\": \"affected\", \"version\": \"20.11.1.1\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.5\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.26\"}, {\"status\": \"affected\", \"version\": \"20.6.5.1.3\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.40\"}, {\"status\": \"affected\", \"version\": \"20.1.3.1\"}, {\"status\": \"affected\", \"version\": \"20.9.2.2\"}, {\"status\": \"affected\", \"version\": \"20.6.5.2.3\"}, {\"status\": \"affected\", \"version\": \"20.6.5.1.4\"}, {\"status\": \"affected\", \"version\": \"20.6.5.3\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.41\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.7\"}, {\"status\": \"affected\", \"version\": \"20.6.5.1.5\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.4\"}, {\"status\": \"affected\", \"version\": \"20.6.4.0.19\"}, {\"status\": \"affected\", \"version\": \"20.6.5.1.6\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.8\"}, {\"status\": \"affected\", \"version\": \"20.6.3.3\"}, {\"status\": \"affected\", \"version\": \"20.3.7.2\"}, {\"status\": \"affected\", \"version\": \"20.6.5.4\"}, {\"status\": \"affected\", \"version\": \"20.6.5.1.7\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.12\"}, {\"status\": \"affected\", \"version\": \"20.6.4.2\"}, {\"status\": \"affected\", \"version\": \"20.6.5.5\"}, {\"status\": \"affected\", \"version\": \"20.9.3.2\"}, {\"status\": \"affected\", \"version\": \"20.11.1.2\"}, {\"status\": \"affected\", \"version\": \"20.6.3.4\"}, {\"status\": \"affected\", \"version\": \"20.10.1.2\"}, {\"status\": \"affected\", \"version\": \"20.6.5.1.9\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.16\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.45\"}, {\"status\": \"affected\", \"version\": \"20.6.5.1.10\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.17\"}, {\"status\": \"affected\", \"version\": \"20.6.5.2.4\"}, {\"status\": \"affected\", \"version\": \"20.6.4.0.21\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.18\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.46\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.47\"}, {\"status\": \"affected\", \"version\": \"20.9.2.3\"}, {\"status\": \"affected\", \"version\": \"20.9.3.2_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.21\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.20\"}, {\"status\": \"affected\", \"version\": \"20.9.4_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.9.4\"}, {\"status\": \"affected\", \"version\": \"20.6.5.1.11\"}, {\"status\": \"affected\", \"version\": \"20.12.1\"}, {\"status\": \"affected\", \"version\": \"20.12.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.6.5.1.13\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.23\"}, {\"status\": \"affected\", \"version\": \"20.6.5.2.8\"}, {\"status\": \"affected\", \"version\": \"20.9.4.1\"}, {\"status\": \"affected\", \"version\": \"20.9.4.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.25\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.24\"}, {\"status\": \"affected\", \"version\": \"20.6.5.1.14\"}, {\"status\": \"affected\", \"version\": \"20.3.8\"}, {\"status\": \"affected\", \"version\": \"20.6.6\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.26\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.51\"}, {\"status\": \"affected\", \"version\": \"20.9.3.0.29\"}, {\"status\": \"affected\", \"version\": \"20.12.2\"}, {\"status\": \"affected\", \"version\": \"20.12.2_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.6.6.0.1\"}, {\"status\": \"affected\", \"version\": \"20.13.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.9.4.0.4\"}, {\"status\": \"affected\", \"version\": \"20.13.1\"}, {\"status\": \"affected\", \"version\": \"20.9.4.1.1\"}, {\"status\": \"affected\", \"version\": \"20.9.5\"}, {\"status\": \"affected\", \"version\": \"20.9.5_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.12.3_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.12.3\"}, {\"status\": \"affected\", \"version\": \"20.9.4.1.3\"}, {\"status\": \"affected\", \"version\": \"20.6.7\"}, {\"status\": \"affected\", \"version\": \"20.9.5.1\"}, {\"status\": \"affected\", \"version\": \"20.9.5.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.9.4.1.6\"}, {\"status\": \"affected\", \"version\": \"20.14.1\"}, {\"status\": \"affected\", \"version\": \"20.14.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.9.5.2\"}, {\"status\": \"affected\", \"version\": \"20.9.5.2.1\"}, {\"status\": \"affected\", \"version\": \"20.9.5.2_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.12.3.1\"}, {\"status\": \"affected\", \"version\": \"20.12.4\"}, {\"status\": \"affected\", \"version\": \"20.15.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.15.1\"}, {\"status\": \"affected\", \"version\": \"20.9.5.1.4\"}, {\"status\": \"affected\", \"version\": \"20.9.5.2.7\"}, {\"status\": \"affected\", \"version\": \"20.9.5.2.13\"}, {\"status\": \"affected\", \"version\": \"20.9.6\"}, {\"status\": \"affected\", \"version\": \"20.9.6_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.9.5.2.14\"}, {\"status\": \"affected\", \"version\": \"20.6.8\"}, {\"status\": \"affected\", \"version\": \"20.12.4.0.03\"}, {\"status\": \"affected\", \"version\": \"20.16.1\"}, {\"status\": \"affected\", \"version\": \"20.16.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.12.4_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.9.5.2.16\"}, {\"status\": \"affected\", \"version\": \"20.12.4.0.4\"}, {\"status\": \"affected\", \"version\": \"20.12.401\"}, {\"status\": \"affected\", \"version\": \"20.9.5.3\"}, {\"status\": \"affected\", \"version\": \"20.9.5.3_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.12.4.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.12.4.1\"}, {\"status\": \"affected\", \"version\": \"20.9.5.2.21\"}, {\"status\": \"affected\", \"version\": \"20.9.6.0.3\"}, {\"status\": \"affected\", \"version\": \"20.12.4.0.6\"}, {\"status\": \"affected\", \"version\": \"20.15.2_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.15.2\"}, {\"status\": \"affected\", \"version\": \"20.12.4_Monthly_ES5\"}, {\"status\": \"affected\", \"version\": \"20.12.5\"}, {\"status\": \"affected\", \"version\": \"20.12.5_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.9.7_LI _Images\"}, {\"status\": \"affected\", \"version\": \"20.9.7\"}, {\"status\": \"affected\", \"version\": \"20.15.3\"}, {\"status\": \"affected\", \"version\": \"20.15.3_ LI _Images\"}, {\"status\": \"affected\", \"version\": \"20.12.501\"}, {\"status\": \"affected\", \"version\": \"20.12.5.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.12.5.1\"}, {\"status\": \"affected\", \"version\": \"20.12.5.2_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.12.5.2\"}, {\"status\": \"affected\", \"version\": \"20.15.3.1\"}, {\"status\": \"affected\", \"version\": \"20.15.4_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.15.4\"}, {\"status\": \"affected\", \"version\": \"20.9.7.1_LI _Images\"}, {\"status\": \"affected\", \"version\": \"20.9.7.1\"}, {\"status\": \"affected\", \"version\": \"20.18.1\"}, {\"status\": \"affected\", \"version\": \"20.18.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.12.6_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.12.6\"}, {\"status\": \"affected\", \"version\": \"20.12.5.1.01\"}, {\"status\": \"affected\", \"version\": \"20.9.8\"}, {\"status\": \"affected\", \"version\": \"20.9.8_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.18.2\"}, {\"status\": \"affected\", \"version\": \"20.15.4.1_LI_Images\"}, {\"status\": \"affected\", \"version\": \"20.15.4.1\"}, {\"status\": \"affected\", \"version\": \"20.18.2_LI_Images\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133, CVE-2026-20126, and CVE-2026-20129.\\r\\n\\r\\nIn March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only. The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v\", \"name\": \"cisco-sa-sdwan-authbp-qwCX8D4v\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system.\\r\\n\\r\\nThis vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system\u0026nbsp;and gain vmanage user privileges.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-648\", \"description\": \"Incorrect Use of Privileged APIs\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2026-03-20T21:47:05.503Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-20122\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-21T03:55:33.255Z\", \"dateReserved\": \"2025-10-08T11:59:15.377Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2026-02-25T16:14:21.256Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…