CVE-2026-20128: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
Summary
Cisco Catalyst SD-WAN Manager has a vulnerability that allows authenticated local attackers to gain DCA user privileges by accessing a credential file. CISA has issued guidance for assessing exposure and mitigating risks associated with affected Cisco SD-WAN devices.
IFF Assessment
The vulnerability allows an attacker to escalate privileges, which is detrimental to defenders.
Severity
The vulnerability allows for privilege escalation by an authenticated local attacker, impacting confidentiality and integrity with a moderate severity score.
CISA KEV: Listed as actively exploited. Federal patch due: April 23, 2026. Known ransomware use: Unknown.
Defender Context
This vulnerability in Cisco Catalyst SD-WAN Manager allows for privilege escalation by authenticated local attackers. Defenders should prioritize patching and follow CISA's guidance for mitigation and hardening of Cisco SD-WAN devices to prevent potential compromise and unauthorized access.