MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2026-20209

CVSS 5.4v3.1pub. 2026-05-14upd. 2026-06-29

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  • Cisco Catalyst Sd Wan Manager

    APP
    Cisco
    20.12.720.10 – 20.12.5.4 (bez)20.12.6 – 20.12.6.2 (bez)20.13 – 20.15.4.4 (bez)< 20.9.9.120.16 – 20.18.2.2 (bez)26.1 – 26.1.1.1 (bez)20.15.5 – 20.15.5.2 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-20182CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym

CVE-2026-20127CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Cisco Catalyst SD-WAN — ominięcie uwierzytelnienia peering i przejęcie uprawnień

CVE-2026-20129CRITICAL9.8PL ✓ten sam produkt

Pominięcie uwierzytelnienia w API Cisco Catalyst SD-WAN Manager

CVE-2023-20252CRITICAL9.8ten sam produkt

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Softwar...

CVE-2023-20214CRITICAL9.1ten sam produkt

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software cou...