Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in Cisco Catalyst SD-WAN Manager due to inadequate file system access restrictions, allowing an unauthenticated, remote attacker to access sensitive information on the underlying operating system. Exploitation involves interacting with the system's API to retrieve this information.

Impact

Successful exploitation enables unauthorized access to sensitive information on the operating system of the affected system.

Remediation

Cisco has released software updates to address this vulnerability. For systems running versions earlier than 20.9, customers should migrate to a fixed release. For those on 20.9, the first fixed release is 20.9.8.2, estimated to be available on February 27, 2026. Customers on 20.11 should upgrade to 20.12.6.1, while those on 20.12.5 or 20.12.6 should move to 20.12.5.3 or 20.12.6.1, respectively. For versions 20.13, 20.14, and 20.15, the fixed release is 20.15.4.2. Users on 20.16 or 20.18 should upgrade to 20.18.2.1.
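The release mapping above can be applied to an inventory of SD-WAN Manager versions. The following Python sketch is an added example, not Cisco's tooling: the function names and sample hostnames are hypothetical, and it assumes that a build numbered at or above the listed fixed release in its train carries the fix. Trains the page does not name are reported as unlisted rather than guessed.

```python
"""Triage SD-WAN Manager versions against the fixed releases listed above."""

# Fixed release per train, copied from the Remediation paragraph.
# Keys are version prefixes; the 20.12 entries are per maintenance release.
FIXED = {
    (20, 9): "20.9.8.2",
    (20, 11): "20.12.6.1",
    (20, 12, 5): "20.12.5.3",
    (20, 12, 6): "20.12.6.1",
    (20, 13): "20.15.4.2",
    (20, 14): "20.15.4.2",
    (20, 15): "20.15.4.2",
    (20, 16): "20.18.2.1",
    (20, 18): "20.18.2.1",
}

def parse(version):
    """'20.12.5.3' -> (20, 12, 5, 3); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in version.strip().split("."))

def triage(version):
    """Return (status, target) for one installed version string."""
    try:
        v = parse(version)
    except ValueError:
        return ("unparseable", None)
    if v[:2] < (20, 9):
        return ("upgrade", "a fixed release (migrate)")
    for width in (3, 2):  # most specific prefix first
        target = FIXED.get(v[:width])
        if target is not None:
            # Assumption: a build at or above the fixed release carries the fix.
            status = "fixed" if v >= parse(target) else "upgrade"
            return (status, target)
    return ("unlisted", None)  # train not named on the page; check the advisory

def triage_inventory(inventory):
    """Map {hostname: version} to {hostname: (status, target)}."""
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"vmanage-a": "20.9.7", "vmanage-b": "20.12.5.3",
              "vmanage-c": "20.14.1", "vmanage-d": "20.6.3",
              "vmanage-e": "20.12.4", "vmanage-f": "20.18.2.1"}
    for host, (status, target) in sorted(triage_inventory(sample).items()):
        print(f"{host}: {status} -> {target}")
```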

Added: Feb 25, 2026, 11:11 PM
Updated: Apr 20, 2026, 7:02 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 3.4
threat: 8.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.