Cisco Catalyst SD-WAN Manager
Moderate fix5 remedies
cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*
Moderate fix5 remedies
- < 20.9
- <= 20.9
- <= 20.11
- <= 20.12.5
- <= 20.12.6
- <= 20.13
- <= 20.14
- <= 20.15
- <= 20.16
- <= 20.18
Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability
Vulnerability
Exploited
Patched
An authenticated, remote attacker could exploit a vulnerability in the API of Cisco Catalyst SD-WAN Manager to overwrite arbitrary files on the local file system. This issue arises from improper file handling in the API interface. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. A successful exploit could allow the attacker to overwrite files and gain vmanage user privileges.
Impact
Exploitation of this vulnerability could lead to unauthorized file modifications on the affected system, potentially allowing for privilege escalation to the vmanage user role.
Remediation
Cisco has released software updates that address this vulnerability. Customers are advised to upgrade to the latest version of Cisco Catalyst SD-WAN Manager. For guidance on which release to upgrade to, consult the Cisco Catalyst SD-WAN Upgrade Matrix.
Added: Feb 25, 2026, 11:14 PM
Updated: Apr 20, 2026, 7:02 PM
Vulnerability Rating
Custom Algorithm
spread
3.1impact
5.0exploitability
6.9remediation
7.7relevance
3.2threat
8.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.