PT-2026-21956 · Cisco · Cisco Catalyst SD-WAN Manager
Arthur Vidineyev · Published 2026-02-25 · Updated 2026-03-05 · CVE-2026-20129
CVSS v3.1: 10 (Critical) | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cisco Catalyst SD-WAN Manager versions prior to 20.18
Description
A flaw in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system with netadmin privileges. The issue is due to improper authentication for requests sent to the API, which leaves the API endpoint vulnerable to authentication bypass. An attacker could exploit this by sending a crafted request to the API, potentially allowing them to execute commands with netadmin privileges. The netadmin role provides elevated access, potentially leading to full control over the affected system.
Recommendations
Upgrade to Cisco Catalyst SD-WAN Manager version 20.18 or later.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Catalyst SD-WAN Manager