Lucene search
K

48 matches found

The Hacker News
The Hacker News
added 2026/06/16 6:5 a.m.12 views

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262 , carries a CVSS score of 6.5 out of 10.0. "A vulnerability in the web UI of Cisco Catalyst SD-WAN...

6.5CVSS5.8AI score0.07683EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/06/14 10:23 a.m.122 views

Exploit for Improper Encoding or Escaping of Output in Cisco Catalyst_Sd-Wan_Manager

🚨 CVE-2026-20245 - Cisco Catalyst SD-WAN Manager Privilege Esc...

7.8CVSS6.8AI score0.25323EPSS
Exploits2
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/09 12:0 a.m.7 views

Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system...

7.8CVSS6.2AI score0.25323EPSS
In wildExploits2
NCSC
NCSC
added 2026/05/15 8:19 a.m.19 views

Vulnerabilities found in Cisco Catalyst SD-WAN Controllers and Managers

Cisco has identified vulnerabilities in the Catalyst SD-WAN Controller and Manager products. Cisco has uncovered four vulnerabilities in these products. These vulnerabilities involve XXE injection, privilege escalation, and authentication bypass. The authentication bypass vulnerability resides in...

10CVSS6AI score0.88496EPSS
Exploits4References2
EUVD
EUVD
added 2026/05/14 4:8 p.m.7 views

EUVD-2026-30327

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.19 views

PT-2026-40960

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager versions prior to 26.0.1 Description A flaw in the web UI of Cisco Catalyst SD-WAN Manager allows an authenticated remote attacker with read-only permissions to elevate their privileges to a high-privileged level...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/04/21 6:23 a.m.14 views

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities KEV catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as...

10CVSS7.7AI score0.99991EPSS
Exploits26
The Hacker News
The Hacker News
added 2026/03/05 3:22 p.m.14 views

Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities

Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager formerly SD-WAN vManage have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2026-20122 CVSS score: 7.1 - An arbitrary file overwrite vulnerability that could all...

10CVSS7.9AI score0.57793EPSS
Exploits14
VulnCheck KEV
VulnCheck KEV
added 2026/03/05 12:0 a.m.7 views

VulnCheck KEV: CVE-2026-20128

A vulnerability in the Data Collection Agent DCA feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An...

7.5CVSS5.8AI score0.05269EPSS
In wildExploits0References10
EUVD
EUVD
added 2026/02/25 6:31 p.m.5 views

EUVD-2026-8676

A vulnerability in the Data Collection Agent DCA feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system. This...

7.5CVSS5.5AI score0.05269EPSS
Exploits0References2
NVD
NVD
added 2026/02/25 5:25 p.m.7 views

CVE-2026-20128

A vulnerability in the Data Collection Agent DCA feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An...

7.5CVSS0.05269EPSS
Exploits0References2
OSV
OSV
added 2026/02/25 5:25 p.m.5 views

CVE-2026-20127

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected syste...

10CVSS5.8AI score0.57793EPSS
Exploits9References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 4:14 p.m.3 views

CVE-2026-20122

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...

5.4CVSS5.8AI score0.07016EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/25 4:14 p.m.31 views

CVE-2026-20127 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an unauthenticated, remote attacker to bypass authentication a...

10CVSS0.57793EPSS
Exploits9References1
ATTACKERKB
ATTACKERKB
added 2026/02/25 4:13 p.m.5 views

CVE-2026-20133

A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this...

7.5CVSS7.5AI score0.10245EPSS
In wildExploits0References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-13921

Malicious code in bioql PyPI...

7.8CVSS6.4AI score0.00131EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.8 views

CVE-2024-20475

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based...

6.4CVSS6AI score0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:53 a.m.5 views

CVE-2023-20262

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not...

7.5CVSS7.1AI score0.00744EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:45 a.m.12 views

CVE-2023-20261

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerabilit...

6.5CVSS6.8AI score0.00529EPSS
Exploits0References1
CNVD
CNVD
added 2025/05/14 12:0 a.m.2 views

Cisco Catalyst SD-WAN Manager Elevation of Privilege Vulnerability

Cisco Catalyst SD-WAN Manager is an API interface from Cisco for managing and configuring SD-WAN software-defined WAN devices. An elevation of privilege vulnerability exists in Cisco Catalyst SD-WAN Manager, which can be exploited by an attacker to cause an elevation of privilege...

7.8CVSS6.3AI score0.00131EPSS
Exploits0References1
Rows per page
Query Builder