CVE-2026-20128

A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges. Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::
	cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::
	cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::
	cpe:2.3:a:cisco:catalyst_sd-wan_manager::::::::
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:::::::*

History

04 Mar 2026, 21:13

Type	Values Removed	Values Added
First Time		Cisco Cisco catalyst Sd-wan Manager
CPE		cpe:2.3:a:cisco:catalyst_sd-wan_manager:::::::: cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:::::::*
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v - Vendor Advisory

25 Feb 2026, 17:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-25 17:25

Updated : 2026-03-04 21:13

NVD link : CVE-2026-20128

Mitre link : CVE-2026-20128

CVE.ORG link : CVE-2026-20128

JSON object : View

Products Affected

cisco

catalyst_sd-wan_manager

CWE

CWE-257

Storing Passwords in a Recoverable Format

{"id": "CVE-2026-20128", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2026-02-25T17:25:30.150", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-257"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker to gain DCA user privileges on an affected system. To exploit this vulnerability, the attacker must have valid vmanage credentials on the affected system.\r\n\r\nThis vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by accessing the filesystem as a low-privileged user and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.\r\nNote: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability."}], "lastModified": "2026-03-04T21:13:56.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0388BD67-C1AD-4E47-8B1A-22EE1634190E", "versionEndExcluding": "20.9.8.2"}, {"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "344CA479-F60F-4CD6-83F7-4DB38DF2EAEB", "versionEndExcluding": "20.12.5.3", "versionStartIncluding": "20.11"}, {"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D284EA84-6C27-4A9C-BDA2-D1C5BF1F2356", "versionEndExcluding": "20.15.4.2", "versionStartIncluding": "20.13"}, {"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79B0897E-0FF3-44CA-901F-A10A6921672D", "versionEndExcluding": "20.18", "versionStartIncluding": "20.16"}, {"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5B6E170-73B8-4838-93B4-AD258F3BCA7C"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}