Sign-up

ID

VAR-202602-3835


CVE

CVE-2026-20129


DESCRIPTION

A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability. 

Trust: 1.0

sources: NVD: CVE-2026-20129

AFFECTED PRODUCTS

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.12.5.3

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.11

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.16

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.13

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.18

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:20.12.6

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.9.8.2

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.15.4.2

Trust: 1.0

sources: NVD: CVE-2026-20129

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2026-20129
value: CRITICAL

Trust: 1.0

psirt@cisco.com: CVE-2026-20129
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2026-20129

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

sources: NVD: CVE-2026-20129

EXTERNAL IDS

db:NVDid:CVE-2026-20129

Trust: 1.0

sources: NVD: CVE-2026-20129

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-authbp-qwcx8d4v

Trust: 1.0

sources: NVD: CVE-2026-20129

SOURCES

db:NVDid:CVE-2026-20129

LAST UPDATE DATE

2026-03-05T23:44:24.575000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2026-20129date:2026-03-04T21:16:28.077

SOURCES RELEASE DATE

db:NVDid:CVE-2026-20129date:2026-02-25T17:25:30.343