CVE-2026-20209
MEDIUM
5,4
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: none
Description
AI Translation Available
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low to high and perform actions as a high-privileged user.
This vulnerability exists because sensitive session information is recorded in audit logs. An attacker could exploit this vulnerability by elevating their read-only permissions in Cisco Catalyst SD-WAN Manager to those of a high-privileged user. A successful exploit could allow the attacker to perform actions as a high-privileged user.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0003
Percentile
0,1th
Updated
EPSS Score Trend (Last 6 Days)
779
Logging of Excessive Data
DraftCommon Consequences
Security Scopes Affected:
Availability
Non-Repudiation
Potential Impacts:
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Other)
Hide Activities
Applicable Platforms
All platforms may be affected
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/c…
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/c…