VDB
CERTFR-2026-ALE-002
CERTFR-2026-ALE-002
PUBLISHED
CVSS 7.800000190734863 HIGH
Une vulnérabilité a été découverte dans Cisco Catalyst SD-WAN. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité. Cisco indique que la vulnérabilité CVE-2026-20127 est activement exploitée.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Catalyst SD-WAN Manager | 20.7.1.0.2, 20.3.3.1.10, 20.3.3.0.8 |
| Cisco | Cisco SD-WAN vEdge Cloud | 20.6.1, 18.4.3, 19.2.1 |
| Cisco | Cisco Catalyst SD-WAN | 17.3.1ESM2, 18.3.1, 19.2.1 |
| Cisco | Cisco SD-WAN vEdge Router | 20.6.3.2, 20.3.3, 20.4.1.1 |
| Cisco | Cisco SD-WAN vContainer | 20.3.1, 20.1.2, 18.3.8 |
Exploit Intelligence
- CIRCL exploited: CVE-2022-20775 (circl-sighting)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-20775 (circl)
- 20220928 Cisco SD-WAN Software Privilege Escalation Vulnerabilities (circl)
- https://github.com/orangecertcc/security-research/security/advisories/GHSA-wmjv-552v-pxjc (circl)
- cisco-sa-sd-wan-priv-E6e8tEdF (circl)
- CIRCL seen: CVE-2022-20775 (circl-sighting)
- CIRCL seen: CVE-2022-20775 (circl-sighting)
- CIRCL seen: CVE-2022-20775 (circl-sighting)
- CIRCL seen: CVE-2022-20775 (circl-sighting)
- CIRCL seen: CVE-2022-20775 (circl-sighting)
…and 14 more exploits
Timeline
- Sep 28, 2022 CVE Published
- Feb 25, 2026 PoC Published
- Feb 25, 2026 PoC Published
- Feb 25, 2026 PoC Published
- Feb 25, 2026 PoC Published
- Feb 25, 2026 PoC Published
- Feb 26, 2026 PoC Published
- Feb 26, 2026 PoC Published
- Feb 26, 2026 PoC Published
- Feb 26, 2026 PoC Published
- Feb 26, 2026 PoC Published
- Feb 26, 2026 PoC Published