Details of VAR-202602-3258

ID

VAR-202602-3258

CVE

CVE-2026-20127

TITLE

Cisco Systems Cisco Catalyst SD-WAN Manager Vulnerabilities related to authentication in multiple products, such as

Trust: 0.8

sources: JVNDB: JVNDB-2026-005651

DESCRIPTION

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. . All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks exploiting this vulnerability may affect other software as well

Trust: 1.62

sources: NVD: CVE-2026-20127 // JVNDB: JVNDB-2026-005651

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.12.5.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.13	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	gte	version:	20.11	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	gte	version:	20.16	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.15.4.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	lt	version:	20.9.8.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	lt	version:	20.18.2.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.11	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.16	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.12.6	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	lt	version:	20.12.5.3	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	gte	version:	20.13	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	eq	version:	20.12.6	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	lt	version:	20.15.4.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.9.8.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.18.2.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco sd-wan vsmart controller	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-005651 // NVD: CVE-2026-20127

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com:	CVE-2026-20127
value:	CRITICAL
Trust: 1.0
nvd@nist.gov:	CVE-2026-20127
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2026-20127
value:	CRITICAL
Trust: 0.8

psirt@cisco.com:	CVE-2026-20127
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 2.0
NVD:	CVE-2026-20127
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-005651 // NVD: CVE-2026-20127 // NVD: CVE-2026-20127

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [ others ]	Trust: 0.8
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-005651 // NVD: CVE-2026-20127

PATCH

title:

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

url:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk

Trust: 0.8

sources: JVNDB: JVNDB-2026-005651

EXTERNAL IDS

db:	NVD	id:	CVE-2026-20127	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-005651	Trust: 0.8

sources: JVNDB: JVNDB-2026-005651 // NVD: CVE-2026-20127

REFERENCES

url:	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2026-20127	Trust: 1.8
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-rpa-ehchtzk	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-20127	Trust: 0.8

sources: JVNDB: JVNDB-2026-005651 // NVD: CVE-2026-20127

SOURCES

db:	JVNDB	id:	JVNDB-2026-005651
db:	NVD	id:	CVE-2026-20127

LAST UPDATE DATE

2026-03-03T23:37:42.564000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-005651	date:	2026-03-02T09:51:00
db:	NVD	id:	CVE-2026-20127	date:	2026-02-26T16:20:02.187

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-005651	date:	2026-03-02T00:00:00
db:	NVD	id:	CVE-2026-20127	date:	2026-02-25T17:25:29.477