CVE-2026-20133
KEV
🔴 Łataj teraz
Niewystarczające ograniczenia dostępu do systemu plików w Cisco Catalyst SD-WAN Manager umożliwiają zdalne ujawnienie danych.
CVSS
6.5
EPSS
1.4%
Exploit
weaponized
Vendor
cisco
Opis źródłowy (NVD)
A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 6.5 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 1.4% |
| Opublikowano (NVD) | 2026-02-25 17:25:30 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-22 16:56:21 UTC |
Referencje
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v (psirt@cisco.com) [Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20133 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]