CVE-2026-20128 (GCVE-0-2026-20128)
Vulnerability from cvelistv5 – Published: 2026-02-25 16:14 – Updated: 2026-04-21 03:55
VLAI?
CISA KEV
Title
Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
Summary
A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.
This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.
Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.
Severity ?
7.5 (High)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager |
Affected:
20.1.12
Affected: 19.2.1 Affected: 18.4.4 Affected: 18.4.5 Affected: 20.1.1.1 Affected: 20.1.1 Affected: 19.3.0 Affected: 19.2.2 Affected: 19.2.099 Affected: 18.3.6 Affected: 18.3.7 Affected: 19.2.0 Affected: 18.3.8 Affected: 19.0.0 Affected: 19.1.0 Affected: 18.4.302 Affected: 18.4.303 Affected: 19.2.097 Affected: 19.2.098 Affected: 17.2.10 Affected: 18.3.6.1 Affected: 19.0.1a Affected: 18.2.0 Affected: 18.4.3 Affected: 18.4.1 Affected: 17.2.8 Affected: 18.3.3.1 Affected: 18.4.0 Affected: 18.3.1 Affected: 17.2.6 Affected: 17.2.9 Affected: 18.3.4 Affected: 17.2.5 Affected: 18.3.1.1 Affected: 18.3.5 Affected: 18.4.0.1 Affected: 18.3.3 Affected: 17.2.7 Affected: 18.3.0 Affected: 19.2.3 Affected: 18.4.501_ES Affected: 20.3.1 Affected: 20.1.2 Affected: 19.2.929 Affected: 19.2.31 Affected: 20.3.2 Affected: 19.2.32 Affected: 20.3.2.1 Affected: 20.3.2.1_927 Affected: 18.4.6 Affected: 20.3.2_928 Affected: 20.3.2_929 Affected: 20.4.1.0.1 Affected: 20.3.2.1_930 Affected: 19.2.4 Affected: 20.5.0.1.1 Affected: 20.4.1.1 Affected: 20.3.3 Affected: 19.2.4.0.1 Affected: 20.3.2_937 Affected: 20.5.1 Affected: 20.1.3 Affected: 20.3.3.0.4 Affected: 20.3.3.1.2 Affected: 20.3.3.1.1 Affected: 20.4.1.2 Affected: 20.3.3.0.2 Affected: 20.4.1.1.5 Affected: 20.4.1.0.02 Affected: 20.3.3.1.7 Affected: 20.3.3.1.5 Affected: 20.5.1.0.1 Affected: 20.3.3.1.10 Affected: 20.3.3.0.8 Affected: 20.4.2 Affected: 20.3.4 Affected: 20.3.3.0.14 Affected: 19.2.4.0.8 Affected: 19.2.4.0.9 Affected: 20.3.4.0.1 Affected: 20.3.2.0.5 Affected: 20.5.1.0.2 Affected: 20.6.1.1 Affected: 20.6.0.18.3 Affected: 20.3.2.0.6 Affected: 20.6.0.18.4 Affected: 20.4.2.0.2 Affected: 20.3.3.0.16 Affected: 20.6.1.0.1 Affected: 20.3.4.0.6 Affected: 20.7.1EFT2 Affected: 20.3.4.0.9 Affected: 20.3.4.0.11 Affected: 20.3.3.0.18 Affected: 20.6.2.1 Affected: 20.3.4.1 Affected: 20.4.2.1 Affected: 20.4.2.1.1 Affected: 20.3.4.1.1 Affected: 20.3.813 Affected: 20.3.4.0.19 Affected: 20.4.2.2.1 Affected: 20.5.1.2 Affected: 20.3.814 Affected: 20.4.2.2 Affected: 20.6.2.2 Affected: 20.3.4.2.1 Affected: 20.3.4.1.2 Affected: 20.3.4.0.20 Affected: 20.6.2.2.3 Affected: 20.4.2.2.2 Affected: 20.6.2.0.4 Affected: 20.3.4.0.24 Affected: 20.6.2.2.7 Affected: 20.3.4.2.2 Affected: 20.4.2.2.4 Affected: 20.3.5.0.8 Affected: 20.3.5.0.9 Affected: 20.3.5.0.7 Affected: 20.6.3.0.2 Affected: 20.9.1EFT2 Affected: 20.3.6 Affected: 20.3.7 Affected: 20.4.2.3 Affected: 20.3.5.1 Affected: 20.3.4.3 Affected: 20.3.3.2 Affected: 20.3.7.1 Affected: 20.3.4.0.25 Affected: 20.6.2.2.4 Affected: 20.6.1.2 Affected: 20.1.3.1 Affected: 20.6.5.1.4 Affected: 20.3.8 Affected: 20.12.501 Affected: 26.1.1 |
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 9ef4bbca-93a6-4add-bce2-2196e27c7ec5
Exploited: Yes
Timestamps
First Seen: 2026-04-20
Asserted: 2026-04-20
Scope
Notes: KEV entry: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability | Affected: Cisco / Catalyst SD-WAN Manager | Description: Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user. | Required action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. | Due date: 2026-04-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-257 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Catalyst SD-WAN Manager |
| Due Date | 2026-04-23 |
| Date Added | 2026-04-20 |
| Vendorproject | Cisco |
| Vulnerabilityname | Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-04-20 20:00 UTC
| Updated: 2026-04-20 20:00 UTC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20128",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-04-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T03:55:31.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-20T00:00:00.000Z",
"value": "CVE-2026-20128 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Catalyst SD-WAN Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "20.1.12"
},
{
"status": "affected",
"version": "19.2.1"
},
{
"status": "affected",
"version": "18.4.4"
},
{
"status": "affected",
"version": "18.4.5"
},
{
"status": "affected",
"version": "20.1.1.1"
},
{
"status": "affected",
"version": "20.1.1"
},
{
"status": "affected",
"version": "19.3.0"
},
{
"status": "affected",
"version": "19.2.2"
},
{
"status": "affected",
"version": "19.2.099"
},
{
"status": "affected",
"version": "18.3.6"
},
{
"status": "affected",
"version": "18.3.7"
},
{
"status": "affected",
"version": "19.2.0"
},
{
"status": "affected",
"version": "18.3.8"
},
{
"status": "affected",
"version": "19.0.0"
},
{
"status": "affected",
"version": "19.1.0"
},
{
"status": "affected",
"version": "18.4.302"
},
{
"status": "affected",
"version": "18.4.303"
},
{
"status": "affected",
"version": "19.2.097"
},
{
"status": "affected",
"version": "19.2.098"
},
{
"status": "affected",
"version": "17.2.10"
},
{
"status": "affected",
"version": "18.3.6.1"
},
{
"status": "affected",
"version": "19.0.1a"
},
{
"status": "affected",
"version": "18.2.0"
},
{
"status": "affected",
"version": "18.4.3"
},
{
"status": "affected",
"version": "18.4.1"
},
{
"status": "affected",
"version": "17.2.8"
},
{
"status": "affected",
"version": "18.3.3.1"
},
{
"status": "affected",
"version": "18.4.0"
},
{
"status": "affected",
"version": "18.3.1"
},
{
"status": "affected",
"version": "17.2.6"
},
{
"status": "affected",
"version": "17.2.9"
},
{
"status": "affected",
"version": "18.3.4"
},
{
"status": "affected",
"version": "17.2.5"
},
{
"status": "affected",
"version": "18.3.1.1"
},
{
"status": "affected",
"version": "18.3.5"
},
{
"status": "affected",
"version": "18.4.0.1"
},
{
"status": "affected",
"version": "18.3.3"
},
{
"status": "affected",
"version": "17.2.7"
},
{
"status": "affected",
"version": "18.3.0"
},
{
"status": "affected",
"version": "19.2.3"
},
{
"status": "affected",
"version": "18.4.501_ES"
},
{
"status": "affected",
"version": "20.3.1"
},
{
"status": "affected",
"version": "20.1.2"
},
{
"status": "affected",
"version": "19.2.929"
},
{
"status": "affected",
"version": "19.2.31"
},
{
"status": "affected",
"version": "20.3.2"
},
{
"status": "affected",
"version": "19.2.32"
},
{
"status": "affected",
"version": "20.3.2.1"
},
{
"status": "affected",
"version": "20.3.2.1_927"
},
{
"status": "affected",
"version": "18.4.6"
},
{
"status": "affected",
"version": "20.3.2_928"
},
{
"status": "affected",
"version": "20.3.2_929"
},
{
"status": "affected",
"version": "20.4.1.0.1"
},
{
"status": "affected",
"version": "20.3.2.1_930"
},
{
"status": "affected",
"version": "19.2.4"
},
{
"status": "affected",
"version": "20.5.0.1.1"
},
{
"status": "affected",
"version": "20.4.1.1"
},
{
"status": "affected",
"version": "20.3.3"
},
{
"status": "affected",
"version": "19.2.4.0.1"
},
{
"status": "affected",
"version": "20.3.2_937"
},
{
"status": "affected",
"version": "20.5.1"
},
{
"status": "affected",
"version": "20.1.3"
},
{
"status": "affected",
"version": "20.3.3.0.4"
},
{
"status": "affected",
"version": "20.3.3.1.2"
},
{
"status": "affected",
"version": "20.3.3.1.1"
},
{
"status": "affected",
"version": "20.4.1.2"
},
{
"status": "affected",
"version": "20.3.3.0.2"
},
{
"status": "affected",
"version": "20.4.1.1.5"
},
{
"status": "affected",
"version": "20.4.1.0.02"
},
{
"status": "affected",
"version": "20.3.3.1.7"
},
{
"status": "affected",
"version": "20.3.3.1.5"
},
{
"status": "affected",
"version": "20.5.1.0.1"
},
{
"status": "affected",
"version": "20.3.3.1.10"
},
{
"status": "affected",
"version": "20.3.3.0.8"
},
{
"status": "affected",
"version": "20.4.2"
},
{
"status": "affected",
"version": "20.3.4"
},
{
"status": "affected",
"version": "20.3.3.0.14"
},
{
"status": "affected",
"version": "19.2.4.0.8"
},
{
"status": "affected",
"version": "19.2.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.1"
},
{
"status": "affected",
"version": "20.3.2.0.5"
},
{
"status": "affected",
"version": "20.5.1.0.2"
},
{
"status": "affected",
"version": "20.6.1.1"
},
{
"status": "affected",
"version": "20.6.0.18.3"
},
{
"status": "affected",
"version": "20.3.2.0.6"
},
{
"status": "affected",
"version": "20.6.0.18.4"
},
{
"status": "affected",
"version": "20.4.2.0.2"
},
{
"status": "affected",
"version": "20.3.3.0.16"
},
{
"status": "affected",
"version": "20.6.1.0.1"
},
{
"status": "affected",
"version": "20.3.4.0.6"
},
{
"status": "affected",
"version": "20.7.1EFT2"
},
{
"status": "affected",
"version": "20.3.4.0.9"
},
{
"status": "affected",
"version": "20.3.4.0.11"
},
{
"status": "affected",
"version": "20.3.3.0.18"
},
{
"status": "affected",
"version": "20.6.2.1"
},
{
"status": "affected",
"version": "20.3.4.1"
},
{
"status": "affected",
"version": "20.4.2.1"
},
{
"status": "affected",
"version": "20.4.2.1.1"
},
{
"status": "affected",
"version": "20.3.4.1.1"
},
{
"status": "affected",
"version": "20.3.813"
},
{
"status": "affected",
"version": "20.3.4.0.19"
},
{
"status": "affected",
"version": "20.4.2.2.1"
},
{
"status": "affected",
"version": "20.5.1.2"
},
{
"status": "affected",
"version": "20.3.814"
},
{
"status": "affected",
"version": "20.4.2.2"
},
{
"status": "affected",
"version": "20.6.2.2"
},
{
"status": "affected",
"version": "20.3.4.2.1"
},
{
"status": "affected",
"version": "20.3.4.1.2"
},
{
"status": "affected",
"version": "20.3.4.0.20"
},
{
"status": "affected",
"version": "20.6.2.2.3"
},
{
"status": "affected",
"version": "20.4.2.2.2"
},
{
"status": "affected",
"version": "20.6.2.0.4"
},
{
"status": "affected",
"version": "20.3.4.0.24"
},
{
"status": "affected",
"version": "20.6.2.2.7"
},
{
"status": "affected",
"version": "20.3.4.2.2"
},
{
"status": "affected",
"version": "20.4.2.2.4"
},
{
"status": "affected",
"version": "20.3.5.0.8"
},
{
"status": "affected",
"version": "20.3.5.0.9"
},
{
"status": "affected",
"version": "20.3.5.0.7"
},
{
"status": "affected",
"version": "20.6.3.0.2"
},
{
"status": "affected",
"version": "20.9.1EFT2"
},
{
"status": "affected",
"version": "20.3.6"
},
{
"status": "affected",
"version": "20.3.7"
},
{
"status": "affected",
"version": "20.4.2.3"
},
{
"status": "affected",
"version": "20.3.5.1"
},
{
"status": "affected",
"version": "20.3.4.3"
},
{
"status": "affected",
"version": "20.3.3.2"
},
{
"status": "affected",
"version": "20.3.7.1"
},
{
"status": "affected",
"version": "20.3.4.0.25"
},
{
"status": "affected",
"version": "20.6.2.2.4"
},
{
"status": "affected",
"version": "20.6.1.2"
},
{
"status": "affected",
"version": "20.1.3.1"
},
{
"status": "affected",
"version": "20.6.5.1.4"
},
{
"status": "affected",
"version": "20.3.8"
},
{
"status": "affected",
"version": "20.12.501"
},
{
"status": "affected",
"version": "26.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.\r\n\r\nThis vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.\r\nNote: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133, CVE-2026-20126, and CVE-2026-20129.\r\n\r\nIn March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only. The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T21:47:33.415Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sdwan-authbp-qwCX8D4v",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v"
}
],
"source": {
"advisory": "cisco-sa-sdwan-authbp-qwCX8D4v",
"defects": [
"CSCws33585"
],
"discovery": "INTERNAL"
},
"title": "Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20128",
"datePublished": "2026-02-25T16:14:12.353Z",
"dateReserved": "2025-10-08T11:59:15.379Z",
"dateUpdated": "2026-04-21T03:55:31.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2026-20128",
"cwes": "[\"CWE-257\"]",
"dateAdded": "2026-04-20",
"dueDate": "2026-04-23",
"knownRansomwareCampaignUse": "Unknown",
"notes": "CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128",
"product": "Catalyst SD-WAN Manager",
"requiredAction": "Please adhere to CISA\u2019s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA\u2019s Emergency Directive 26-03 (URL listed below in Notes) and CISA\u2019s \u201cHunt \u0026 Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.",
"shortDescription": "Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.",
"vendorProject": "Cisco",
"vulnerabilityName": "Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability"
},
"epss": {
"cve": "CVE-2026-20128",
"date": "2026-04-24",
"epss": "0.00053",
"percentile": "0.16463"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-20128\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2026-02-25T17:25:30.150\",\"lastModified\":\"2026-04-21T12:48:20.987\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.\\r\\n\\r\\nThis vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.\\r\\nNote: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la funci\u00f3n de Agente de Recopilaci\u00f3n de Datos (DCA) de Cisco Catalyst SD-WAN Manager podr\u00eda permitir a un atacante local autenticado obtener privilegios de usuario de DCA en un sistema afectado. Para explotar esta vulnerabilidad, el atacante debe tener credenciales v\u00e1lidas de vmanage en el sistema afectado.\\n\\nEsta vulnerabilidad se debe a la presencia de un archivo de credenciales para el usuario de DCA en un sistema afectado. Un atacante podr\u00eda explotar esta vulnerabilidad al acceder al sistema de archivos como un usuario con privilegios bajos y leer el archivo que contiene la contrase\u00f1a de DCA de ese sistema afectado. Un exploit exitoso podr\u00eda permitir al atacante acceder a otro sistema afectado y obtener privilegios de usuario de DCA.\\nNota: Las versiones 20.18 y posteriores de Cisco Catalyst SD-WAN Manager no se ven afectadas por esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-257\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20.9.8.2\",\"matchCriteriaId\":\"0388BD67-C1AD-4E47-8B1A-22EE1634190E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.10\",\"versionEndExcluding\":\"20.12.5.3\",\"matchCriteriaId\":\"ADAB32B5-239D-4DC0-BF30-A6D72ACB3710\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.13\",\"versionEndExcluding\":\"20.15.4.2\",\"matchCriteriaId\":\"D284EA84-6C27-4A9C-BDA2-D1C5BF1F2356\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.16\",\"versionEndExcluding\":\"20.18\",\"matchCriteriaId\":\"79B0897E-0FF3-44CA-901F-A10A6921672D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5B6E170-73B8-4838-93B4-AD258F3BCA7C\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-20128\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-20T17:58:26.507619Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-04-20\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20128\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-25T18:17:54.348Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-20T00:00:00.000Z\", \"value\": \"CVE-2026-20128 added to CISA KEV\"}]}], \"cna\": {\"title\": \"Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability\", \"source\": {\"defects\": [\"CSCws33585\"], \"advisory\": \"cisco-sa-sdwan-authbp-qwCX8D4v\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Catalyst SD-WAN Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"20.1.12\"}, {\"status\": \"affected\", \"version\": \"19.2.1\"}, {\"status\": \"affected\", \"version\": \"18.4.4\"}, {\"status\": \"affected\", \"version\": \"18.4.5\"}, {\"status\": \"affected\", \"version\": \"20.1.1.1\"}, {\"status\": \"affected\", \"version\": \"20.1.1\"}, {\"status\": \"affected\", \"version\": \"19.3.0\"}, {\"status\": \"affected\", \"version\": \"19.2.2\"}, {\"status\": \"affected\", \"version\": \"19.2.099\"}, {\"status\": \"affected\", \"version\": \"18.3.6\"}, {\"status\": \"affected\", \"version\": \"18.3.7\"}, {\"status\": \"affected\", \"version\": \"19.2.0\"}, {\"status\": \"affected\", \"version\": \"18.3.8\"}, {\"status\": \"affected\", \"version\": \"19.0.0\"}, {\"status\": \"affected\", \"version\": \"19.1.0\"}, {\"status\": \"affected\", \"version\": \"18.4.302\"}, {\"status\": \"affected\", \"version\": \"18.4.303\"}, {\"status\": \"affected\", \"version\": \"19.2.097\"}, {\"status\": \"affected\", \"version\": \"19.2.098\"}, {\"status\": \"affected\", \"version\": \"17.2.10\"}, {\"status\": \"affected\", \"version\": \"18.3.6.1\"}, {\"status\": \"affected\", \"version\": \"19.0.1a\"}, {\"status\": \"affected\", \"version\": \"18.2.0\"}, {\"status\": \"affected\", \"version\": \"18.4.3\"}, {\"status\": \"affected\", \"version\": \"18.4.1\"}, {\"status\": \"affected\", \"version\": \"17.2.8\"}, {\"status\": \"affected\", \"version\": \"18.3.3.1\"}, {\"status\": \"affected\", \"version\": \"18.4.0\"}, {\"status\": \"affected\", \"version\": \"18.3.1\"}, {\"status\": \"affected\", \"version\": \"17.2.6\"}, {\"status\": \"affected\", \"version\": \"17.2.9\"}, {\"status\": \"affected\", \"version\": \"18.3.4\"}, {\"status\": \"affected\", \"version\": \"17.2.5\"}, {\"status\": \"affected\", \"version\": \"18.3.1.1\"}, {\"status\": \"affected\", \"version\": \"18.3.5\"}, {\"status\": \"affected\", \"version\": \"18.4.0.1\"}, {\"status\": \"affected\", \"version\": \"18.3.3\"}, {\"status\": \"affected\", \"version\": \"17.2.7\"}, {\"status\": \"affected\", \"version\": \"18.3.0\"}, {\"status\": \"affected\", \"version\": \"19.2.3\"}, {\"status\": \"affected\", \"version\": \"18.4.501_ES\"}, {\"status\": \"affected\", \"version\": \"20.3.1\"}, {\"status\": \"affected\", \"version\": \"20.1.2\"}, {\"status\": \"affected\", \"version\": \"19.2.929\"}, {\"status\": \"affected\", \"version\": \"19.2.31\"}, {\"status\": \"affected\", \"version\": \"20.3.2\"}, {\"status\": \"affected\", \"version\": \"19.2.32\"}, {\"status\": \"affected\", \"version\": \"20.3.2.1\"}, {\"status\": \"affected\", \"version\": \"20.3.2.1_927\"}, {\"status\": \"affected\", \"version\": \"18.4.6\"}, {\"status\": \"affected\", \"version\": \"20.3.2_928\"}, {\"status\": \"affected\", \"version\": \"20.3.2_929\"}, {\"status\": \"affected\", \"version\": \"20.4.1.0.1\"}, {\"status\": \"affected\", \"version\": \"20.3.2.1_930\"}, {\"status\": \"affected\", \"version\": \"19.2.4\"}, {\"status\": \"affected\", \"version\": \"20.5.0.1.1\"}, {\"status\": \"affected\", \"version\": \"20.4.1.1\"}, {\"status\": \"affected\", \"version\": \"20.3.3\"}, {\"status\": \"affected\", \"version\": \"19.2.4.0.1\"}, {\"status\": \"affected\", \"version\": \"20.3.2_937\"}, {\"status\": \"affected\", \"version\": \"20.5.1\"}, {\"status\": \"affected\", \"version\": \"20.1.3\"}, {\"status\": \"affected\", \"version\": \"20.3.3.0.4\"}, {\"status\": \"affected\", \"version\": \"20.3.3.1.2\"}, {\"status\": \"affected\", \"version\": \"20.3.3.1.1\"}, {\"status\": \"affected\", \"version\": \"20.4.1.2\"}, {\"status\": \"affected\", \"version\": \"20.3.3.0.2\"}, {\"status\": \"affected\", \"version\": \"20.4.1.1.5\"}, {\"status\": \"affected\", \"version\": \"20.4.1.0.02\"}, {\"status\": \"affected\", \"version\": \"20.3.3.1.7\"}, {\"status\": \"affected\", \"version\": \"20.3.3.1.5\"}, {\"status\": \"affected\", \"version\": \"20.5.1.0.1\"}, {\"status\": \"affected\", \"version\": \"20.3.3.1.10\"}, {\"status\": \"affected\", \"version\": \"20.3.3.0.8\"}, {\"status\": \"affected\", \"version\": \"20.4.2\"}, {\"status\": \"affected\", \"version\": \"20.3.4\"}, {\"status\": \"affected\", \"version\": \"20.3.3.0.14\"}, {\"status\": \"affected\", \"version\": \"19.2.4.0.8\"}, {\"status\": \"affected\", \"version\": \"19.2.4.0.9\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.1\"}, {\"status\": \"affected\", \"version\": \"20.3.2.0.5\"}, {\"status\": \"affected\", \"version\": \"20.5.1.0.2\"}, {\"status\": \"affected\", \"version\": \"20.6.1.1\"}, {\"status\": \"affected\", \"version\": \"20.6.0.18.3\"}, {\"status\": \"affected\", \"version\": \"20.3.2.0.6\"}, {\"status\": \"affected\", \"version\": \"20.6.0.18.4\"}, {\"status\": \"affected\", \"version\": \"20.4.2.0.2\"}, {\"status\": \"affected\", \"version\": \"20.3.3.0.16\"}, {\"status\": \"affected\", \"version\": \"20.6.1.0.1\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.6\"}, {\"status\": \"affected\", \"version\": \"20.7.1EFT2\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.9\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.11\"}, {\"status\": \"affected\", \"version\": \"20.3.3.0.18\"}, {\"status\": \"affected\", \"version\": \"20.6.2.1\"}, {\"status\": \"affected\", \"version\": \"20.3.4.1\"}, {\"status\": \"affected\", \"version\": \"20.4.2.1\"}, {\"status\": \"affected\", \"version\": \"20.4.2.1.1\"}, {\"status\": \"affected\", \"version\": \"20.3.4.1.1\"}, {\"status\": \"affected\", \"version\": \"20.3.813\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.19\"}, {\"status\": \"affected\", \"version\": \"20.4.2.2.1\"}, {\"status\": \"affected\", \"version\": \"20.5.1.2\"}, {\"status\": \"affected\", \"version\": \"20.3.814\"}, {\"status\": \"affected\", \"version\": \"20.4.2.2\"}, {\"status\": \"affected\", \"version\": \"20.6.2.2\"}, {\"status\": \"affected\", \"version\": \"20.3.4.2.1\"}, {\"status\": \"affected\", \"version\": \"20.3.4.1.2\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.20\"}, {\"status\": \"affected\", \"version\": \"20.6.2.2.3\"}, {\"status\": \"affected\", \"version\": \"20.4.2.2.2\"}, {\"status\": \"affected\", \"version\": \"20.6.2.0.4\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.24\"}, {\"status\": \"affected\", \"version\": \"20.6.2.2.7\"}, {\"status\": \"affected\", \"version\": \"20.3.4.2.2\"}, {\"status\": \"affected\", \"version\": \"20.4.2.2.4\"}, {\"status\": \"affected\", \"version\": \"20.3.5.0.8\"}, {\"status\": \"affected\", \"version\": \"20.3.5.0.9\"}, {\"status\": \"affected\", \"version\": \"20.3.5.0.7\"}, {\"status\": \"affected\", \"version\": \"20.6.3.0.2\"}, {\"status\": \"affected\", \"version\": \"20.9.1EFT2\"}, {\"status\": \"affected\", \"version\": \"20.3.6\"}, {\"status\": \"affected\", \"version\": \"20.3.7\"}, {\"status\": \"affected\", \"version\": \"20.4.2.3\"}, {\"status\": \"affected\", \"version\": \"20.3.5.1\"}, {\"status\": \"affected\", \"version\": \"20.3.4.3\"}, {\"status\": \"affected\", \"version\": \"20.3.3.2\"}, {\"status\": \"affected\", \"version\": \"20.3.7.1\"}, {\"status\": \"affected\", \"version\": \"20.3.4.0.25\"}, {\"status\": \"affected\", \"version\": \"20.6.2.2.4\"}, {\"status\": \"affected\", \"version\": \"20.6.1.2\"}, {\"status\": \"affected\", \"version\": \"20.1.3.1\"}, {\"status\": \"affected\", \"version\": \"20.6.5.1.4\"}, {\"status\": \"affected\", \"version\": \"20.3.8\"}, {\"status\": \"affected\", \"version\": \"20.12.501\"}, {\"status\": \"affected\", \"version\": \"26.1.1\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133, CVE-2026-20126, and CVE-2026-20129.\\r\\n\\r\\nIn March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only. The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v\", \"name\": \"cisco-sa-sdwan-authbp-qwCX8D4v\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system.\\r\\n\\r\\nThis vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.\\r\\nNote: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-257\", \"description\": \"Storing Passwords in a Recoverable Format\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2026-03-20T21:47:33.415Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-20128\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-21T03:55:31.648Z\", \"dateReserved\": \"2025-10-08T11:59:15.379Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2026-02-25T16:14:12.353Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…