CVE-2026-20209

Severity: Medium · CVSS 3.1: 5.4 · EPSS: 8.9%
Published May 14, 2026 · Modified Jun 29, 2026

Description

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user.

CVSS Details

Base Score: 5.4
Exploitability: 2.8
Impact: 2.5
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability: 8.9% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Weaknesses 1

CWE-779

Affected Products 8

Vendor  Product                  Version  Range
cisco   catalyst_sd-wan_manager  *        <20.9.9.1
cisco   catalyst_sd-wan_manager  *        ≥20.10 – <20.12.5.4
cisco   catalyst_sd-wan_manager  *        ≥20.12.6 – <20.12.6.2
cisco   catalyst_sd-wan_manager  *        ≥20.13 – <20.15.4.4
cisco   catalyst_sd-wan_manager  *        ≥20.15.5 – <20.15.5.2
cisco   catalyst_sd-wan_manager  *        ≥20.16 – <20.18.2.2
cisco   catalyst_sd-wan_manager  *        ≥26.1 – <26.1.1.1
cisco   catalyst_sd-wan_manager  20.12.7  any

References 2

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-mltvnps2-JxpWm7R
    Vendor Advisory
  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
    Not Applicable

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.