[CIVN-2026-0325] Authentication Bypass Vulnerability in Cisco Catalyst SD-WAN Controller

Published On: June 23, 2026



Authentication Bypass Vulnerability in Cisco Catalyst SD-WAN Controller


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: CRITICAL


Systems Affected


Cisco Catalyst SD-WAN Controller

Cisco Catalyst SD-WAN Manager

Cisco Catalyst SD-WAN Validator

Overview


A vulnerability has been reported in the peering authentication in Cisco Catalyst SD-WAN Controller (formerly SD-WAN vSmart), Cisco Catalyst SD-WAN Manager (formerly SD-WAN vManage), and Cisco Catalyst SD-WAN Validator (formerly SD-WAN vBond) that could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.


Target Audience: 

All IT administrators and individuals responsible for maintaining and updating the software.


Risk Assessment:

High risk of data manipulation and service disruption.


Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.


Description


This vulnerability exists because the peering authentication mechanism in an affected system does not work properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system.


Successful exploitation of this vulnerability could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.


Solution


Apply appropriate updates as mentioned in the Cisco advisory:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW



Vendor Information


CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW


References


CISCO

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW


CVE Name

CVE-2026-20182






Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003
