Cisco Catalyst SD-WAN Manager
cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*
- < 20.9
- <= 20.9
- <= 20.10
- <= 20.11
- <= 20.12
- <= 20.13
- <= 20.14
- <= 20.15
- <= 20.16
- <= 20.18
- <= 26.1
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) could allow an authenticated, remote attacker with read-only permissions to elevate their privileges and act as a high-privileged user. The issue arises because sensitive session information is logged in audit trails, which an attacker could exploit to elevate their permissions. A successful exploit could permit the attacker to perform actions as a high-privileged user.
Exploitation of this vulnerability could allow an attacker to gain high-level privileges in Cisco Catalyst SD-WAN Manager, enabling them to perform actions reserved for high-privileged users.
Cisco has released software updates to address this vulnerability. Customers should upgrade to the fixed software version. For additional information, consult the Cisco Catalyst SD-WAN Upgrade Matrix or contact the Cisco Technical Assistance Center (TAC).