CVE-2026-20133

EUVD-2026-8678
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system.

This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ciscocatalyst_sd-wan_manager
𝑥
< 20.9.8.2
ciscocatalyst_sd-wan_manager
20.11 ≤
𝑥
< 20.12.5.3
ciscocatalyst_sd-wan_manager
20.13 ≤
𝑥
< 20.15.4.2
ciscocatalyst_sd-wan_manager
20.16 ≤
𝑥
< 20.18.2.1
ciscocatalyst_sd-wan_manager
20.12.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v