Heba Farahat

**Name of the Vulnerable Software and Affected Versions** Cisco Catalyst SD-WAN Manager (affected versions not specified) **Description** A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This issue is due to improper validation of parameters sent to the web UI. An attacker could exploit this by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI, potentially obtaining arbitrary files from the underlying Linux file system of an affected system. The attacker must be an authenticated user to exploit this vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Catalyst SD-WAN Manager (affected versions not specified) **Description** The issue is related to insufficient user session management within the Cisco Catalyst SD-WAN Manager system, specifically in the multi-tenant feature. This could allow an authenticated, remote attacker to access another tenant being managed by the same instance, potentially gaining unauthorized access to information, making configuration changes, or causing a denial of service condition. The vulnerability requires the multi-tenant feature to be enabled and can be exploited by sending a crafted request to an affected system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.