ID
VAR-202602-3961
CVE
CVE-2026-20122
TITLE
Cisco Systems Cisco Catalyst SD-WAN Manager privilege in API Improper Use Vulnerability
Trust: 0.8
DESCRIPTION
A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges. Also, some of the information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | lt | version: | 20.12.5.3 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | gte | version: | 20.11 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | gte | version: | 20.16 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | gte | version: | 20.13 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | eq | version: | 20.12.6 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | lt | version: | 20.18.2.1 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | lt | version: | 20.9.8.2 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | lt | version: | 20.15.4.2 | Trust: 1.0 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | eq | version: | 20.9.8.2 | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | eq | version: | 20.16 that's all 20.18.2.1 | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | eq | version: | 20.13 that's all 20.15.4.2 | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | eq | version: | 20.11 that's all 20.12.5.3 | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | eq | version: | 20.12.6 | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco catalyst sd-wan manager | scope: | eq | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-648 | Trust: 1.0 |
| problemtype: | privilege API improper use of (CWE-648) [ others ] | Trust: 0.8 |
PATCH
| title: | Cisco Catalyst SD-WAN Vulnerabilities | url: | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2026-20122 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2026-006165 | Trust: 0.8 |
REFERENCES
| url: | https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-authbp-qwcx8d4v | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2026-20122 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2026-006165 |
| db: | NVD | id: | CVE-2026-20122 |
LAST UPDATE DATE
2026-03-09T23:40:28.074000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2026-006165 | date: | 2026-03-06T06:39:00 |
| db: | NVD | id: | CVE-2026-20122 | date: | 2026-03-04T21:25:22.193 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2026-006165 | date: | 2026-03-06T00:00:00 |
| db: | NVD | id: | CVE-2026-20122 | date: | 2026-02-25T17:25:28.170 |