← Volver a CVEs
CVE-2026-20133
MEDIUMCISA KEV6.5
Descripcion
A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado2/25/2026
Ultima modificacion4/22/2026
Fuentenvd
Avistamientos honeypot0
CISA KEV
VendedorCisco
ProductoCatalyst SD-WAN Manager
Nombre vulnerabilidadCisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Fecha inclusion KEV2026-04-20
Fecha limite remediacion2026-04-23
Uso en ransomwareUnknown
Productos afectados
cisco:catalyst_sd-wan_manager
Debilidades (CWE)
CWE-200
Referencias
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v(psirt@cisco.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20133(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.