Details of VAR-202605-3704

ID

VAR-202605-3704

CVE

CVE-2026-20182

TITLE

Cisco Systems Cisco Catalyst SD-WAN Manager Vulnerabilities related to authentication in multiple products, such as

Trust: 0.8

sources: JVNDB: JVNDB-2026-016006

DESCRIPTION

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.  A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. A successful attack would allow the attacker to gain administrator privileges. Cisco Catalyst SD-WAN Controller He has high authority within the company. root This will allow you to log in as a non-user account. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks exploiting this vulnerability may affect other software as well

Trust: 1.62

sources: NVD: CVE-2026-20182 // JVNDB: JVNDB-2026-016006

AFFECTED PRODUCTS

vendor:	cisco	model:	sd-wan vsmart controller	scope:	lt	version:	20.12.5.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.10	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	lt	version:	20.15.4.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.12.6	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.15.5.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	26.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.18.2.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	eq	version:	20.12.7	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	gte	version:	20.10	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.16	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.13	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	gte	version:	20.15.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.9.9.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	gte	version:	20.12.6	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	lt	version:	20.15.5.2	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	26.1.1.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	lt	version:	20.18.2.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	gte	version:	26.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	gte	version:	20.16	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	gte	version:	20.13	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	gte	version:	20.15.5	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.12.6.2	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	lt	version:	26.1.1.1	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	lt	version:	20.9.9.1	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.12.5.4	Trust: 1.0
vendor:	cisco	model:	catalyst sd-wan manager	scope:	lt	version:	20.15.4.4	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	eq	version:	20.12.7	Trust: 1.0
vendor:	cisco	model:	sd-wan vsmart controller	scope:	lt	version:	20.12.6.2	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco catalyst sd-wan manager	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco sd-wan vsmart controller	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-016006 // NVD: CVE-2026-20182

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com:	CVE-2026-20182
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2026-016006
value:	CRITICAL
Trust: 0.8

psirt@cisco.com:	CVE-2026-20182
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-016006
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-016006 // NVD: CVE-2026-20182

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-016006 // NVD: CVE-2026-20182

PATCH

title:

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

url:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW

Trust: 0.8

sources: JVNDB: JVNDB-2026-016006

EXTERNAL IDS

db:	NVD	id:	CVE-2026-20182	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-016006	Trust: 0.8

sources: JVNDB: JVNDB-2026-016006 // NVD: CVE-2026-20182

REFERENCES

url:	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2026-20182	Trust: 1.8
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-rpa2-v69wy2sw	Trust: 1.0
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-rpa-ehchtzk	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-20182	Trust: 0.8

sources: JVNDB: JVNDB-2026-016006 // NVD: CVE-2026-20182

SOURCES

db:	JVNDB	id:	JVNDB-2026-016006
db:	NVD	id:	CVE-2026-20182

LAST UPDATE DATE

2026-06-19T23:37:40.970000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-016006	date:	2026-05-18T03:08:00
db:	NVD	id:	CVE-2026-20182	date:	2026-06-16T19:16:34.683

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-016006	date:	2026-05-18T00:00:00
db:	NVD	id:	CVE-2026-20182	date:	2026-05-14T17:16:19.387