ID
VAR-202602-3835
CVE
CVE-2026-20129
TITLE
Cisco Systems Cisco Catalyst SD-WAN Manager Authentication vulnerability in
Trust: 0.8
DESCRIPTION
A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability. . All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | lt | version: | 20.12.5.3 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | gte | version: | 20.11 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | gte | version: | 20.16 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | gte | version: | 20.13 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | lt | version: | 20.18 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | eq | version: | 20.12.6 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | lt | version: | 20.9.8.2 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | lt | version: | 20.15.4.2 | Trust: 1.0 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | eq | version: | 20.9.8.2 | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | eq | version: | 20.16 that's all 20.18 | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | eq | version: | 20.13 that's all 20.15.4.2 | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | eq | version: | 20.11 that's all 20.12.5.3 | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | eq | version: | 20.12.6 | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | eq | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-287 | Trust: 1.0 |
| problemtype: | Inappropriate authentication (CWE-287) [ others ] | Trust: 0.8 |
PATCH
| title: | Cisco Catalyst SD-WAN Vulnerabilities | url: | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2026-20129 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2026-006162 | Trust: 0.8 |
REFERENCES
| url: | https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-authbp-qwcx8d4v | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2026-20129 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2026-006162 |
| db: | NVD | id: | CVE-2026-20129 |
LAST UPDATE DATE
2026-03-09T23:40:28.093000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2026-006162 | date: | 2026-03-06T06:39:00 |
| db: | NVD | id: | CVE-2026-20129 | date: | 2026-03-04T21:16:28.077 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2026-006162 | date: | 2026-03-06T00:00:00 |
| db: | NVD | id: | CVE-2026-20129 | date: | 2026-02-25T17:25:30.343 |