Cisco Catalyst SD-WAN Manager Vulnerabilities (cisco-sa-sdwan-mltvnps2-JxpWm7R)

high Nessus Plugin ID 315344

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by multiple vulnerabilities.

- A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system. The attacker does not need to have valid user credentials. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to read arbitrary files that are stored in the affected system. (CVE-2026-20224)

- A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user. This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user. (CVE-2026-20209)

- A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user. (CVE-2026-20210)

Please see the included Cisco bug IDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwt38739, CSCwt38767, and CSCwt55544.

See Also

http://www.nessus.org/u?dd5ff77a

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwt38739

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwt38767

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwt55544

Plugin Details

Severity: High

ID: 315344

File Name: cisco-sa-sdwan-mltvnps2-JxpWm7R.nasl

Version: 1.1

Type: Local

Family: CISCO

Published: 5/19/2026

Updated: 5/19/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2026-20224

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:sd-wan_firmware

Required KB Items: Cisco/Viptela/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 5/14/2026

Vulnerability Publication Date: 5/14/2026

Reference Information

CVE: CVE-2026-20209, CVE-2026-20210, CVE-2026-20224