Detections
Analytics
Cisco Catalyst SD-WAN Vulnerabilities (cisco-sa-sdwan-authbp-qwCX8D4v)
high Nessus Plugin ID 299999
Language:
Synopsis
The remote device is missing a vendor-supplied security patchDescription
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by multiple vulnerabilities.- A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has thenetadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected system. A successful exploit could allow the attacker to execute commands with the privileges of the netadmin role.
Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.
(CVE-2026-20129)
- A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker togain root privileges on the underlying operating system. (CVE-2026-20126)
- A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected systemand gain vmanage user privileges.
(CVE-2026-20122)
- A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have validvmanage credentials on the affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability. (CVE-2026-20128)
- A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. (CVE-2026-20133)
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Solution
Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCws33583, CSCws33584, CSCws33586, CSCws93470.See Also
http://www.nessus.org/u?e8b27ea7
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws33583
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws33584
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws33585
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCws33586
Plugin Details
Severity: High
ID: 299999
File Name: cisco-sa-sdwan-authbp-qwCX8D4v.nasl
Version: 1.5
Type: local
Family: CISCO
Published: 2/26/2026
Updated: 3/19/2026
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.2
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2026-20129
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2026-20126
Vulnerability Information
CPE: cpe:/o:cisco:sd-wan_firmware
Required KB Items: Cisco/Viptela/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 2/25/2026
Vulnerability Publication Date: 2/25/2026
Reference Information
CVE: CVE-2026-20122, CVE-2026-20126, CVE-2026-20128, CVE-2026-20129, CVE-2026-20133
CISCO-SA: cisco-sa-sdwan-authbp-qwCX8D4v
CISCO-BUG-ID: CSCws33583, CSCws33584, CSCws33586, CSCws93470