Description
A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system.

This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
Published: 2026-02-25
Score: 6.5 Medium
EPSS: 10.2% Moderate
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in Cisco Catalyst SD-WAN Manager allows an unauthenticated, remote attacker to view sensitive information on the underlying operating system due to insufficient file system restrictions. The flaw also permits an authenticated attacker with netadmin privileges to access the vshell, enabling reading of protected OS files. This weakness corresponds to CWE-200 and results in confidentiality compromise with no evidence of code execution or privilege escalation.

Affected Systems

Cisco Catalyst SD-WAN Manager, especially versions matching the specified CPEs such as 20.12.6, is affected. All installations without the vendor’s latest fix remain vulnerable.

Risk and Exploitability

The CVSS score of 6.5 denotes medium severity, while the EPSS score of 10% indicates a relatively high likelihood of exploitation. The vulnerability is listed in CISA’s KEV catalog. The attack vector is remote, leveraging insufficient file system permissions or the vshell interface, and the impact is limited to information disclosure.

Generated by OpenCVE AI on June 24, 2026 at 12:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Cisco Catalyst SD-WAN Manager patch to mitigate insufficient file system access restrictions.
  • If a patch cannot be applied immediately, isolate the SD-WAN Manager service from external networks and restrict API access to trusted internal hosts only.
  • Enforce file system permissions so the SD-WAN Manager process cannot read sensitive OS directories, tightening access control for protected files.

Generated by OpenCVE AI on June 24, 2026 at 12:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title Remote Information Disclosure via Insufficient File System Restrictions in Cisco Catalyst SD-WAN Manager

Wed, 24 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
Title Remote Information Disclosure via Insufficient File System Restrictions in Cisco Catalyst SD-WAN Manager

Tue, 23 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Title Information Disclosure via Insufficient File System Restrictions in Cisco Catalyst SD-WAN Manager

Tue, 23 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Title Information Disclosure via Insufficient File System Restrictions in Cisco Catalyst SD-WAN Manager

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Information Disclosure via Insufficient File System Restrictions in Cisco Catalyst SD-WAN Manager

Wed, 17 Jun 2026 10:00:00 +0000

Type Values Removed Values Added
Title Information Disclosure via Insufficient File System Restrictions in Cisco Catalyst SD-WAN Manager

Tue, 16 Jun 2026 12:00:00 +0000

Type Values Removed Values Added
Title Information Disclosure via File System Restrictions in Cisco Catalyst SD-WAN Manager

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
Title Information Disclosure via File System Restrictions in Cisco Catalyst SD-WAN Manager

Wed, 22 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Title Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability

Wed, 22 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Description A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

Mon, 20 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 20 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-04-20T00:00:00+00:00', 'dueDate': '2026-04-23T00:00:00+00:00'}


Wed, 04 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:*:*:*:*:*:*:*

Fri, 27 Feb 2026 05:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 26 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco catalyst Sd-wan Manager
Vendors & Products Cisco
Cisco catalyst Sd-wan Manager

Wed, 25 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Description A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
Title Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Cisco Catalyst Sd-wan Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-04-22T15:31:56.704Z

Reserved: 2025-10-08T11:59:15.380Z

Link: CVE-2026-20133

cve-icon Vulnrichment

Updated: 2026-02-25T18:17:58.540Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-25T17:25:30.983

Modified: 2026-06-17T10:17:11.190

Link: CVE-2026-20133

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T12:45:04Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor