ID

VAR-202602-4478


CVE

CVE-2026-20126


DESCRIPTION

A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to gain root privileges on the underlying operating system.

Trust: 1.0

sources: NVD: CVE-2026-20126

AFFECTED PRODUCTS

vendor: cisco, model: catalyst sd-wan manager, scope: lt, version: 20.12.5.3

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: gte, version: 20.11

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: gte, version: 20.16

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: gte, version: 20.13

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: eq, version: 20.12.6

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: lt, version: 20.18.2.1

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: lt, version: 20.9.8.2

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: lt, version: 20.15.4.2

Trust: 1.0

sources: NVD: CVE-2026-20126

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2026-20126
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2026-20126
value: HIGH

Trust: 1.0

psirt@cisco.com: CVE-2026-20126
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-20126
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2026-20126 // NVD: CVE-2026-20126

PROBLEMTYPE DATA

problemtype: CWE-648

Trust: 1.0

sources: NVD: CVE-2026-20126

EXTERNAL IDS

db: NVD, id: CVE-2026-20126

Trust: 1.0

sources: NVD: CVE-2026-20126

REFERENCES

url: https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-authbp-qwcx8d4v

Trust: 1.0

sources: NVD: CVE-2026-20126

SOURCES

db: NVD, id: CVE-2026-20126

LAST UPDATE DATE

2026-03-05T23:44:48.749000+00:00


SOURCES UPDATE DATE

db: NVD, id: CVE-2026-20126, date: 2026-03-04T21:21:49.053

SOURCES RELEASE DATE

db: NVD, id: CVE-2026-20126, date: 2026-02-25T17:25:28.840