Skip to main content

Cisco Catalyst SD-WAN Manager CVE-2026-20210

| EUVDEUVD-2026-30326 MEDIUM
Logging of Excessive Data (CWE-779)
2026-05-14 cisco GHSA-m7f8-vg5v-4m9m
5.4
CVSS 3.1 · Vendor: cisco
Share

Severity by source

Vendor (cisco) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from Vendor (cisco) · only source for this CVE.

CVSS VectorVendor: cisco

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
May 14, 2026 - 17:32 vuln.today
CVE Published
May 14, 2026 - 16:08 nvd
MEDIUM 5.4

DescriptionCVE.org

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system.

This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user.

AnalysisAI

Cisco Catalyst SD-WAN Manager web UI fails to properly redact sensitive information in device configurations and templates, allowing authenticated users with read-only permissions to extract and leverage privileged credentials to escalate their access and modify system configurations. The vulnerability affects all versions of the product and requires only network access and valid (albeit minimal) read-only credentials; successful exploitation grants attackers high-privileged administrative capability over the SD-WAN fabric.

Technical ContextAI

Cisco Catalyst SD-WAN Manager is a centralized management platform for SD-WAN deployments. The vulnerability stems from CWE-779 (Improper Log Redaction of Sensitive Information), where sensitive data such as API tokens, passwords, or pre-authentication credentials embedded in device configuration templates are not properly masked or removed before being presented to low-privileged users via the web UI. An attacker with read-only role access can extract these credentials from configuration or template endpoints, then use them to assume a higher-privileged context. The CPE cpe:2.3:a:cisco:cisco_catalyst_sd-wan_manager:*:*:*:*:*:*:*:* indicates the vulnerability affects all versions of the product line.

RemediationAI

Apply the vendor-released patch from Cisco as documented in the advisory https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-mltvnps2-JxpWm7R (note: exact patched versions not provided in available data - consult advisory for your release train). Pending patch deployment, implement compensating controls: (1) Restrict read-only role assignment to trusted internal personnel only; revoke read-only access for contractors, temporary staff, or third-party integrations not requiring configuration visibility-this eliminates the attacker prerequisite of valid credentials. (2) Enable and audit web UI activity logging for all configuration and template retrieval operations; escalate any read-only user accessing device templates or configurations containing sensitive fields. (3) Implement network-level access controls to limit SD-WAN Manager web UI access (typically HTTPS port 443) to a jumphost or management network, reducing the pool of authenticated users who can reach the vulnerable interface. (4) Rotate all API tokens, device credentials, and pre-shared secrets stored in device configurations and templates immediately after patching, as these are readable by current read-only users. The first control (credential restriction) is most effective but may impact legitimate use cases; audit and adjust RBAC before enforcement.

Share

CVE-2026-20210 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy