
[CIVN-2026-0102] Authentication Bypass Vulnerability in CISCO
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager
Overview
A vulnerability has been reported in the peering authentication of Cisco Catalyst SD-WAN Controller (formerly SD-WAN vSmart) and Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage) that could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
Target Audience:
All IT administrators and individuals responsible for maintaining and updating the affected software.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system.
Successful exploitation of this vulnerability could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Solution
Apply appropriate updates as mentioned in the Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
CVE Name
CVE-2026-20127
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


