Cisco Catalyst SD-WAN Manager
Moderate fix5 remedies
cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*
Moderate fix5 remedies
- < 20.9
- <= 20.9
- <= 20.11
- <= 20.12.5
- <= 20.12.6
- <= 20.13
- <= 20.14
- <= 20.15
- <= 20.16
- <= 20.18
Cisco Catalyst SD-WAN Manager Authentication Bypass Vulnerability Allowing Privileged Access
Vulnerability
Patched
An authentication bypass vulnerability has been identified in the API user authentication of Cisco Catalyst SD-WAN Manager, affecting releases prior to 20.18. This vulnerability allows an unauthenticated, remote attacker to gain access to the system as a user with netadmin privileges. The issue arises from improper authentication of API requests, enabling attackers to execute commands with elevated rights.
Impact
Exploitation of this vulnerability could lead to unauthorized access with netadmin privileges, allowing the attacker to execute commands and potentially manipulate the system or its configurations at a high level.
Remediation
Cisco has released software updates to address this vulnerability. Users are advised to upgrade to version 20.9.8.2 or later, or to version 20.12.6.1, 20.15.4.2, or 20.18.2.1, depending on their current version. For more information, consult the Cisco Catalyst SD-WAN Upgrade Matrix.
Added: Feb 25, 2026, 6:34 PM
Updated: Feb 25, 2026, 6:34 PM
Vulnerability Rating
Custom Algorithm
spread
3.1impact
7.5exploitability
8.1remediation
7.7relevance
3.2threat
0.0urgency
2.9incentive
8.3Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.