CVE-2026-20210: Logging of Excessive Data in Cisco Cisco Catalyst SD-WAN Manager
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user.
AI Analysis
Technical Summary
This vulnerability in Cisco Catalyst SD-WAN Manager's web UI allows an authenticated attacker with read-only access to escalate privileges due to improper redaction of sensitive data in device configurations and templates. Exploiting this flaw could enable unauthorized modification of configuration settings by elevating the attacker's permissions to a high-privileged user level. The CVSS 3.1 base score is 5.4 (medium severity), reflecting network attack vector, low attack complexity, required privileges, no user interaction, and impact on confidentiality and integrity but not availability. Affected versions span many releases of the product. No patch or official remediation level is indicated in the provided data.
Potential Impact
Successful exploitation could allow an attacker with initially read-only access to gain high-privileged user permissions and modify configuration settings within Cisco Catalyst SD-WAN Manager. This impacts the confidentiality and integrity of the system's configuration data but does not affect availability. No known exploits in the wild have been reported to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict read-only user access to trusted personnel and monitor for unusual privilege escalations. Follow Cisco's security advisories for updates on patches or workarounds.
CVE-2026-20210: Logging of Excessive Data in Cisco Cisco Catalyst SD-WAN Manager
Description
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform unauthorized actions on an affected system. This vulnerability exists because of a failure to redact sensitive information within device configurations and templates. An attacker could exploit this vulnerability by elevating their read-only permissions to those of a high-privileged user. A successful exploit could allow the attacker to access or modify configuration settings within Cisco Catalyst SD-WAN Manager as a high-privileged user.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Cisco Catalyst SD-WAN Manager's web UI allows an authenticated attacker with read-only access to escalate privileges due to improper redaction of sensitive data in device configurations and templates. Exploiting this flaw could enable unauthorized modification of configuration settings by elevating the attacker's permissions to a high-privileged user level. The CVSS 3.1 base score is 5.4 (medium severity), reflecting network attack vector, low attack complexity, required privileges, no user interaction, and impact on confidentiality and integrity but not availability. Affected versions span many releases of the product. No patch or official remediation level is indicated in the provided data.
Potential Impact
Successful exploitation could allow an attacker with initially read-only access to gain high-privileged user permissions and modify configuration settings within Cisco Catalyst SD-WAN Manager. This impacts the confidentiality and integrity of the system's configuration data but does not affect availability. No known exploits in the wild have been reported to date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict read-only user access to trusted personnel and monitor for unusual privilege escalations. Follow Cisco's security advisories for updates on patches or workarounds.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- cisco
- Date Reserved
- 2025-10-08T11:59:15.398Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a05fd9fec166c07b0f9316c
Added to database: 5/14/2026, 4:51:43 PM
Last enriched: 5/14/2026, 5:08:28 PM
Last updated: 5/15/2026, 6:27:13 AM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.