CVE-2026-20133

{"id": "CVE-2026-20133", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-02-25T17:25:30.983", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on an affected system.\r\n\r\nThis vulnerability is due to insufficient file system access restrictions. An attacker could exploit this vulnerability by accessing the API of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system."}, {"lang": "es", "value": "Una vulnerabilidad en Cisco Catalyst SD-WAN Manager podr\u00eda permitir a un atacante remoto no autenticado ver informaci\u00f3n sensible en un sistema afectado.\n\nEsta vulnerabilidad se debe a restricciones de acceso al sistema de archivos insuficientes. Un atacante podr\u00eda explotar esta vulnerabilidad al acceder a la API de un sistema afectado. Un exploit exitoso podr\u00eda permitir al atacante leer informaci\u00f3n sensible en el sistema operativo subyacente."}], "lastModified": "2026-03-04T21:20:11.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0388BD67-C1AD-4E47-8B1A-22EE1634190E", "versionEndExcluding": "20.9.8.2"}, {"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "344CA479-F60F-4CD6-83F7-4DB38DF2EAEB", "versionEndExcluding": "20.12.5.3", "versionStartIncluding": "20.11"}, {"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D284EA84-6C27-4A9C-BDA2-D1C5BF1F2356", "versionEndExcluding": "20.15.4.2", "versionStartIncluding": "20.13"}, {"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B94E1DC2-5DA5-4238-8040-6D524DDEAA4F", "versionEndExcluding": "20.18.2.1", "versionStartIncluding": "20.16"}, {"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.12.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5B6E170-73B8-4838-93B4-AD258F3BCA7C"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}