Source: Ministry of Education Information & Communication Security Contingency Platform
| Publication Number | TACERT-ANA-2026030209035959 | Publication Time | 2026/03/02 09:35 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2026/03/02 09:35 |
| Impact Level | Low | | |
| [Subject] 【Vulnerability Alert】 Cisco Catalyst SD-WAN contains three critical security vulnerabilities. |

[Content]

【CVE-2026-20127, CVSS: 10.0】 This vulnerability exists in Cisco Catalyst SD-WAN Controller (formerly vSmart). An unauthenticated remote attacker may exploit this vulnerability to bypass authentication mechanisms and obtain administrative privileges on the affected system.

【CVE-2026-20126, CVSS: 8.8】 This vulnerability exists in Cisco Catalyst SD-WAN Manager (formerly vManage). It may allow an authenticated attacker with local low privileges to send crafted requests through the REST API and gain root privileges on the underlying operating system.

【CVE-2026-20129, CVSS: 9.8】 This vulnerability exists in the API user authentication of Cisco Catalyst SD-WAN Manager. It allows an unauthenticated remote attacker to use specially crafted API requests to access the affected system with the privileges of a user assigned the netadmin role.

Note: Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage) have been observed being actively exploited in attack activities. Please take mitigation measures as soon as possible.

[Affected Platform]

【CVE-2026-20126, CVE-2026-20129】

- Cisco Catalyst SD-WAN Manager version 20.9
- Cisco Catalyst SD-WAN Manager version 20.11
- Cisco Catalyst SD-WAN Manager version 20.12.5
- Cisco Catalyst SD-WAN Manager version 20.126
- Cisco Catalyst SD-WAN Manager version 20.13
- Cisco Catalyst SD-WAN Manager version 20.14
- Cisco Catalyst SD-WAN Manager version 20.15
- Cisco Catalyst SD-WAN Manager version 20.16
- Cisco Catalyst SD-WAN Manager version 20.18

[Recommended Actions]

【CVE-2026-20127】

- Cisco Catalyst SD-WAN version 20.9.8.2 and later versions
- Cisco Catalyst SD-WAN version 20.12.6.1 and later versions
- Cisco Catalyst SD-WAN version 20.12.5.3 and later versions
- Cisco Catalyst SD-WAN version 20.12.6.1 and later versions
- Cisco Catalyst SD-WAN version 20.15.4.2 and later versions
- Cisco Catalyst SD-WAN version 20.18.2.1 and later versions

【CVE-2026-20126, CVE-2026-20129】

- Cisco Catalyst SD-WAN Manager version 20.9.8.2 and later versions
- Cisco Catalyst SD-WAN Manager version 20.12.6.1 and later versions
- Cisco Catalyst SD-WAN Manager version 20.12.5.3 and later versions
- Cisco Catalyst SD-WAN Manager version 20.12.6.1 and later versions
- Cisco Catalyst SD-WAN Manager version 20.15.4.2 and later versions
- Cisco Catalyst SD-WAN Manager version 20.15.4.2 and later versions
- Cisco Catalyst SD-WAN Manager version 20.18.2.1 and later versions
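
A version check built from the fixed releases listed under Recommended Actions, as an added example (not part of the advisory and not Cisco tooling). It assumes purely numeric version strings and that a build is judged against the fix listed for its own maintenance branch, which is why 20.12.6 is reported as vulnerable although it sorts above 20.12.5.3; the verdict names and the sample inventory are hypothetical.

```python
import re

# Fixed releases exactly as listed in the advisory's Recommended Actions.
FIXED = ["20.9.8.2", "20.12.5.3", "20.12.6.1", "20.15.4.2", "20.18.2.1"]
# Release trains the advisory lists as affected (Affected Platform).
AFFECTED_TRAINS = {"20.9", "20.11", "20.12", "20.13", "20.14",
                   "20.15", "20.16", "20.18"}


def parse(version):
    """Turn '20.12.5.3' into (20, 12, 5, 3), padding short forms with zeros."""
    text = version.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (4 - len(parts))


def assess(version):
    """Classify a running release (verdict names are hypothetical labels)."""
    v = parse(version)
    if f"{v[0]}.{v[1]}" not in AFFECTED_TRAINS:
        return "unlisted"            # train not named in the advisory
    fixes = sorted(f for f in map(parse, FIXED) if f[:2] == v[:2])
    if not fixes:
        return "upgrade-train"       # affected train with no fix listed in it
    # Assumption: a fix listed for a maintenance branch (e.g. 20.12.5.x)
    # decides the verdict for builds of that same branch.
    branch_fix = [f for f in fixes if f[:3] == v[:3]]
    if branch_fix:
        return "fixed" if v >= branch_fix[0] else "vulnerable"
    # Otherwise only builds at or above the train's highest listed fix count.
    return "fixed" if v >= fixes[-1] else "vulnerable"


if __name__ == "__main__":
    # Constructed inventory for illustration; not real device data.
    inventory = {"manager-a": "20.12.6", "manager-b": "20.12.5.3",
                 "controller-a": "20.9.8.1", "controller-b": "20.14.1"}
    for host, ver in inventory.items():
        print(f"{host:14} {ver:10} {assess(ver)}")
```

A result of `upgrade-train` means the advisory lists no fixed release inside that train, so the device has to move to one of the listed fixed releases in a later train.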
| [Reference] https://www.twcert.org.tw/tw/cp-169-10737-2a2d2-1.html |