24 matches found

Cisco
added 2 days ago, 4 views

Cisco Catalyst SD-WAN Manager Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input...

CVSS 7.8, AI score 6, EPSS 0.83125
Exploits 13, References 1

CISA
added 2026/05/14 12:0 p.m., 11 views

CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems

Update May 14, 2026: CISA has updated this Alert to include additional vulnerabilities, CVE-2026-20133 and CVE-2026-20182, and associated resources. The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking (SD-WAN) systems, including Federa...

CVSS 10, AI score 7.4, EPSS 0.83125
In wild, Exploits 14, References 18

GithubExploit
added 2026/04/15 4:35 p.m., 72 views

Exploit for Improper Authentication in Cisco Catalyst_Sd-Wan_Manager

CVE-2026-20127 Scanner Overview This project is a Windows-based...

CVSS 10, AI score 7.4, EPSS 0.54797
Exploits 9

GithubExploit
added 2026/03/05 3:28 p.m., 122 views

Exploit for Improper Authentication in Cisco Catalyst_Sd-Wan_Manager

CVE-2026-20127EXP Cisco Catalyst SD-WAN authentication bypa...

CVSS 10, AI score 7.5, EPSS 0.54797
Exploits 9

Tenable Nessus
added 2026/02/26 12:0 a.m., 3 views

Cisco Catalyst SD-WAN Controller Authentication Bypass (cisco-sa-sdwan-rpa-EHchtZk)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an...

CVSS 10, AI score 7.7, EPSS 0.54797
Exploits 9, References 3

Rapid7 Blog
added 2026/02/25 10:3 p.m., 11 views

Critical Cisco Catalyst Vulnerability Exploited in the wild (CVE-2026-20127)

Overview On February 25, 2026, Cisco disclosed a critical authentication bypass vulnerability in Cisco Catalyst SD‑WAN Controller and Cisco Catalyst SD‑WAN Manager, tracked as CVE‑2026‑20127, that allows an unauthenticated attacker to gain administrative access to affected systems. The Cisco...

CVSS 10, AI score 7.4, EPSS 0.54797
Exploits 9

Talos Blog
added 2026/02/25 4:13 p.m., 14 views

Active exploitation of Cisco Catalyst SD-WAN by UAT-8616

Cisco Talos is tracking the active exploitation of CVE-2026-20127, a vulnerability in Cisco Catalyst SD-WAN Controller, formerly vSmart, that allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges on the affected system by sending a crafted request...

CVSS 10, AI score 6.1, EPSS 0.54797
Exploits 10

Circl
added 2025/08/15 11:0 a.m., 0 views

CVE-2025-20127

creationtimestamp | type | source
---|---|---
2025-08-15 11:00:11+00:00 | seen | https://t.me/truesecator/7332...

CVSS 7.7, AI score 5.1, EPSS 0.00208
Exploits 0, References 1

RedhatCVE
added 2025/05/23 6:46 a.m., 5 views

CVE-2024-20127

In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2023...

CVSS 7.5, AI score 6.9, EPSS 0.02
Exploits 0, References 1

RedhatCVE
added 2025/05/22 10:18 p.m., 5 views

CVE-2022-20127

In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12...

CVSS 10, AI score 7.8, EPSS 0.05475
Exploits 0, References 1

RedhatCVE
added 2025/05/22 7:6 p.m., 4 views

CVE-2021-20127

An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any location on the target operating system with root privileges...

CVSS 8.5, AI score 6.8, EPSS 0.00611
Exploits 1, References 1

RedhatCVE
added 2025/02/05 6:16 p.m., 6 views

CVE-2017-20127

A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack may be launched remotely. The exploit has...

CVSS 9.8, AI score 7.3, EPSS 0.00365
Exploits 1, References 1

Tenable Nessus
added 2023/04/06 12:0 a.m., 23 views

Cisco Prime Infrastructure Multiple Vulnerabilities (cisco-sa-pi-epnm-eRPWAXLe)

The version of Cisco Prime Infrastructure installed on the remote host is prior to 3.7.1, 3.8.1, 3.9.1 or 3.10.2. It is, therefore, affected by multiple vulnerabilities as referenced in the cisco-sa-pi-epnm-eRPWAXLe advisory: - An information disclosure vulnerability in the web-based management...

CVSS 6.5, AI score 6.9, EPSS 0.77558
Exploits 2, References 10

CVE
added 2023/04/05 12:0 a.m., 69 views

CVE-2023-20127

Cisco CVE-2023-20127 affects the web-based management interfaces of Prime Infrastructure and EPNM. The issue involves information disclosure and cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities in the web UI, stemming from insufficient input validation and CSRF pro...

CVSS 6.5, AI score 6.5, EPSS 0.00523
Exploits 0, References 1, Affected Software 1

Cvelist
added 2023/04/05 12:0 a.m., 15 views

CVE-2023-20127 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For mor...

CVSS 6.5, AI score 6.6, EPSS 0.00523
Exploits 0, References 1

Circl
added 2022/07/13 10:40 p.m., 2 views

CVE-2017-20127

creationtimestamp | type | source
---|---|---
2022-07-13 22:40:23+00:00 | seen | https://t.me/cibsecurity/46197...

CVSS 9.8, AI score 8.7, EPSS 0.00365
Exploits 1, References 1

Vulnrichment
added 2022/07/13 5:55 p.m., 6 views

CVE-2017-20127 KB Login Authentication Script sql injection

A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack may be launched remotely. The exploit has...

CVSS 7.3, AI score 7.3, EPSS 0.00365
Exploits 1, References 2

CVE
added 2022/07/13 5:55 p.m., 41 views

CVE-2017-20127

KB Login Authentication Script 1.1 is affected by a SQL injection vulnerability. The issue arises from manipulating the username/password arguments with the payload 'or''=' which allows remote exploitation. The vulnerability is publicly disclosed and may be exploited by attackers. Connected docum...

CVSS 9.8, AI score 8.8, EPSS 0.00365
Exploits 1, References 2, Affected Software 1

CVE
added 2022/06/15 1:0 p.m., 228 views

CVE-2022-20127

CVE-2022-20127: Out-of-bounds write due to a double free in ce_t4t_data_cback (ce_t4t.cc) can lead to remote code execution with no user interaction on Android 10–12 (including 12L). Affected: Android versions listed in the CVE entry; multiple vendor advisories (Google Android bulletin; Red Hat/C...

CVSS 10, AI score 9.3, EPSS 0.05475
Exploits 0, References 1, Affected Software 1

Circl
added 2021/10/13 8:26 p.m., 1 views

CVE-2021-20127

creationtimestamp | type | source
---|---|---
2021-10-13 20:26:50+00:00 | seen | https://t.me/cibsecurity/30521...

CVSS 8.5, AI score 7.9, EPSS 0.00611
Exploits 1, References 1