Cisco Catalyst SD-WAN Manager
cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*
Affected versions:
- < 20.9
- <= 20.9
- <= 20.11
- <= 20.12.5
- <= 20.12.6
- <= 20.13
- <= 20.14
- <= 20.15
- <= 20.16
- <= 20.18
A vulnerability in Cisco Catalyst SD-WAN Manager allows an authenticated, local attacker with low privileges to gain root access on the underlying operating system. The issue arises from an inadequate user authentication mechanism in the REST API: an attacker can exploit it by sending requests that elevate their privileges.
Exploitation of this vulnerability could lead to unauthorized root access on the operating system, allowing the attacker to execute commands and potentially manipulate system files and processes with elevated privileges.
Cisco has released software updates to address this vulnerability. Users are advised to upgrade to version 20.9.8.2 or later, or to consult the Cisco Catalyst SD-WAN Upgrade Matrix for guidance on upgrading from other versions.