Details of VAR-202602-4354

ID

VAR-202602-4354

CVE

CVE-2026-20133

TITLE

Cisco Systems Cisco Catalyst SD-WAN Manager Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2026-006161

DESCRIPTION

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-20133 // JVNDB: JVNDB-2026-006161

AFFECTED PRODUCTS

vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.12.5.3	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.11	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.16	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.13	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.12.6	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.18.2.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.9.8.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.15.4.2	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	20.9.8.2	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	20.16 that's all 20.18.2.1	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	20.13 that's all 20.15.4.2	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	20.11 that's all 20.12.5.3	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	20.12.6	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-006161 // NVD: CVE-2026-20133

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com:	CVE-2026-20133
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2026-20133
value:	HIGH
Trust: 1.0
NVD:	CVE-2026-20133
value:	HIGH
Trust: 0.8

psirt@cisco.com:	CVE-2026-20133
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2026-20133
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2026-20133
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-006161 // NVD: CVE-2026-20133 // NVD: CVE-2026-20133

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-006161 // NVD: CVE-2026-20133

PATCH

title:

Cisco Catalyst SD-WAN Vulnerabilities

url:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v

Trust: 0.8

sources: JVNDB: JVNDB-2026-006161

EXTERNAL IDS

db:	NVD	id:	CVE-2026-20133	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-006161	Trust: 0.8

sources: JVNDB: JVNDB-2026-006161 // NVD: CVE-2026-20133

REFERENCES

url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-authbp-qwcx8d4v	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-20133	Trust: 0.8

sources: JVNDB: JVNDB-2026-006161 // NVD: CVE-2026-20133

SOURCES

db:	JVNDB	id:	JVNDB-2026-006161
db:	NVD	id:	CVE-2026-20133

LAST UPDATE DATE

2026-03-09T23:41:43.191000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-006161	date:	2026-03-06T06:39:00
db:	NVD	id:	CVE-2026-20133	date:	2026-03-04T21:20:11.183

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-006161	date:	2026-03-06T00:00:00
db:	NVD	id:	CVE-2026-20133	date:	2026-02-25T17:25:30.983