Skip to main content

Cisco Catalyst Sd Wan Manager CVE-2026-20108

| EUVDEUVD-2026-15437 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-03-25 cisco GHSA-4wfv-hq2x-7m5r
5.4
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from Vendor (cisco) · only source for this CVE.

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 25, 2026 - 16:16 euvd
EUVD-2026-15437
Analysis Generated
Mar 25, 2026 - 16:16 vuln.today
CVE Published
Mar 25, 2026 - 16:09 nvd
MEDIUM 5.4

DescriptionCVE.org

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

AnalysisAI

Cisco Catalyst SD-WAN Manager's web interface contains a reflected cross-site scripting (XSS) vulnerability that requires user interaction and authentication to exploit. An attacker can craft a malicious link to execute arbitrary JavaScript in a victim's browser session, potentially stealing sensitive information or performing unauthorized actions within the management interface. No patch is currently available.

Technical ContextAI

This vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), a reflected or stored XSS flaw in a web application. The Cisco Catalyst SD-WAN Manager (CPE: cpe:2.3:a:cisco:cisco_catalyst_sd-wan_manager) is an enterprise network management platform used to centralize control of SD-WAN deployments. The root cause stems from the management interface's failure to properly sanitize or encode user-supplied input before rendering it in HTML context. This allows attackers to inject malicious JavaScript that executes with the privileges of the authenticated user viewing the page, potentially compromising session tokens, harvesting credentials, or modifying network configurations.

RemediationAI

Upgrade Cisco Catalyst SD-WAN Manager to a patched version released after the affected versions listed above; consult the Cisco Security Advisory (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-xss-ZqkhP9W9) for the specific recommended version. Until patching is feasible, implement network-level mitigations including restricting management interface access to trusted administrator IP ranges via firewall rules, enforcing HTTPS/TLS for all connections to the management interface, and enabling HTTP Strict-Transport-Security (HSTS) headers to prevent downgrade attacks. Additionally, educate administrative users about phishing risks and suspicious links, and consider implementing web application firewalls (WAF) with XSS-detection signatures on any reverse proxy fronting the management interface. Monitor authentication logs for unusual access patterns that may indicate exploitation attempts.

Share

CVE-2026-20108 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy