Sign-up

ID

VAR-202602-4354


CVE

CVE-2026-20133


DESCRIPTION

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

Trust: 1.0

sources: NVD: CVE-2026-20133

AFFECTED PRODUCTS

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.12.5.3

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.11

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.16

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:gteversion:20.13

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:eqversion:20.12.6

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.18.2.1

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.9.8.2

Trust: 1.0

vendor:ciscomodel:catalyst sd-wan managerscope:ltversion:20.15.4.2

Trust: 1.0

sources: NVD: CVE-2026-20133

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2026-20133
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2026-20133
value: HIGH

Trust: 1.0

psirt@cisco.com: CVE-2026-20133
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-20133
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2026-20133 // NVD: CVE-2026-20133

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

sources: NVD: CVE-2026-20133

EXTERNAL IDS

db:NVDid:CVE-2026-20133

Trust: 1.0

sources: NVD: CVE-2026-20133

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-authbp-qwcx8d4v

Trust: 1.0

sources: NVD: CVE-2026-20133

SOURCES

db:NVDid:CVE-2026-20133

LAST UPDATE DATE

2026-03-05T23:44:39.979000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2026-20133date:2026-03-04T21:20:11.183

SOURCES RELEASE DATE

db:NVDid:CVE-2026-20133date:2026-02-25T17:25:30.983