Cisco Catalyst SD-WAN Manager
Moderate fix2 remedies
cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*
Moderate fix2 remedies
- <= 20.8
- <= 20.92
- <= 20.101
- <= 20.111
- <= 20.12
Cisco Catalyst SD-WAN Manager Stored Cross-Site Scripting Vulnerability
Vulnerability
Patched
A stored cross-site scripting vulnerability has been identified in the web-based management interface of Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage). This vulnerability allows authenticated, remote attackers to inject malicious scripts that are stored and executed on the affected system. The issue arises from improper input sanitization in the management interface, enabling attackers to exploit the vulnerability by submitting harmful scripts.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.
Remediation
Cisco has released software updates to address this vulnerability. Customers are advised to upgrade to a fixed release. For guidance on upgrading, consult the Cisco Security Advisories page or contact the Cisco Technical Assistance Center (TAC) or your maintenance provider.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
3.1impact
1.7exploitability
5.0remediation
7.7relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.