Cisco Catalyst SD-WAN Manager XSS Vulnerability
Summary
CERT-Bund has issued a security advisory for Cisco Catalyst SD-WAN Manager, detailing a Cross-Site Scripting (XSS) vulnerability. The advisory provides affected product versions and a CVSS score indicating a medium severity. Mitigation guidance is available.
What changed
CERT-Bund has published a security advisory (WID-SEC-2026-0872) concerning a Cross-Site Scripting (XSS) vulnerability in Cisco Catalyst SD-WAN Manager. The vulnerability, assigned a CVSS Base Score of 5.4 and a Temporal Score of 4.7, allows a remote, authenticated attacker to execute arbitrary scripts in the user's browser. Affected versions of Cisco Catalyst SD-WAN Manager are those prior to 20.12.5.3, 20.12.6.1, 20.15.4.2, 20.15.5 and 20.18.2.1, as well as versions 20.13, 20.14 and 20.16.
Organizations running affected versions of Cisco Catalyst SD-WAN Manager should review the advisory for specific version information and apply the available mitigations or update to patched versions as soon as possible to prevent potential exploitation. The advisory indicates that mitigation is available, but the specific steps are not detailed in this summary; review the linked CERT-Bund advisory for actionable guidance to protect network infrastructure and data from XSS attacks.
What to do next
- Review affected Cisco Catalyst SD-WAN Manager versions
- Apply available mitigations or update to patched versions
Source document (simplified)
[WID-SEC-2026-0872] Cisco Catalyst SD-WAN Manager: Vulnerability allows Cross-Site Scripting
- CVSS Base Score: 5.4 (medium)
- CVSS Temporal Score: 4.7 (medium)
- Remote attack: yes
- Date: 25.03.2026
- Last updated: 26.03.2026
- Mitigation: yes
Affected systems
Operating system
- CISCO Appliance
Product description
Cisco Catalyst SD-WAN is a networking solution that combines software-defined wide-area networking (SD-WAN) functions with Cisco Catalyst Series switches to optimize and secure network performance across distributed sites.
Products
25.03.2026
- Cisco Catalyst SD-WAN Manager <20.12.5.3
- Cisco Catalyst SD-WAN Manager <20.12.6.1
- Cisco Catalyst SD-WAN Manager <20.15.4.2
- Cisco Catalyst SD-WAN Manager <20.18.2.1
- Cisco Catalyst SD-WAN Manager 20.13
- Cisco Catalyst SD-WAN Manager 20.14
- Cisco Catalyst SD-WAN Manager <20.15.5
- Cisco Catalyst SD-WAN Manager 20.16
Attack
A remote, authenticated attacker can exploit a vulnerability in Cisco Catalyst SD-WAN Manager to carry out a Cross-Site Scripting attack.