Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Briefly

"A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system," Cisco said.
"The vulnerability impacts the following deployments: On-Prem Deployment, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), Cisco SD-WAN for Government (FedRAMP)."
"This new authentication bypass vulnerability affects the 'vdaemon' service over DTLS (UDP port 12346), which is the same service that was vulnerable to CVE-2026-20127," Rapid7 researchers Jonah Burgess and Stephen Fewer said. "The new vulnerability is not a patch bypass of CVE-2026-20127. It is a different issue located in a similar part of the 'vdaemon' networking stack."
Cisco released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller. The vulnerability, tracked as CVE-2026-20182 with a CVSS score of 10.0, affects Cisco Catalyst SD-WAN Controller and related components. The flaw lies in the peering authentication mechanism: an unauthenticated remote attacker can send crafted requests to bypass authentication and obtain administrative privileges. A successful exploit allows login as an internal, high-privileged, non-root user account, from which the attacker can reach NETCONF and manipulate the network configuration of the SD-WAN fabric. Affected deployments include on-prem installations and multiple cloud offerings: Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP). Rapid7 noted that the flaw affects the same vdaemon service over DTLS on UDP port 12346 as CVE-2026-20127, but stressed that it is a distinct issue rather than a patch bypass.
Read at The Hacker News