Cisco · Catalyst SD-WAN Manager · CVE-2026-20209
**Name of the Vulnerable Software and Affected Versions**
Cisco Catalyst SD-WAN Manager versions prior to 26.0.1
**Description**
A flaw in the web UI of Cisco Catalyst SD-WAN Manager allows an authenticated remote attacker with read-only permissions to escalate to a high-privileged level. The cause is that sensitive session information is recorded in audit logs, which an attacker can exploit to perform unauthorized actions with elevated permissions.
**Recommendations**
Update to version 26.0.1 or later.