Cisco Sd-Wan Vsmart Controller vulnerabilities

5 known vulnerabilities affecting cisco/sd-wan_vsmart_controller.

Total CVEs

5

CISA KEV

2

actively exploited

Public exploits

1

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH3MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2026-20127CRITICALCVSS 10.0KEVPoCfixed in 20.9.8.2≥ 20.11, < 20.12.5.3+3 more2026-02-25

CVE-2026-20127 [CRITICAL] CWE-287 CVE-2026-20127: A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN v A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering au

CVE-2022-20775HIGHCVSS 7.8KEVfixed in 20.6.3≥ 20.7, < 20.7.2+1 more2022-09-30

CVE-2022-20775 [HIGH] CWE-25 CVE-2022-20775: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. This vulnerability is due to improper access controls on commands within the application CLI. An attacker could exploit this vulnerability by running a maliciously crafted command on the application CLI. A successful exploit cou

CVE-2022-20818HIGHCVSS 7.8fixed in 20.92022-09-30

CVE-2022-20818 [HIGH] CWE-25 CVE-2022-20818: Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local att Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful explo

CVE-2022-20850HIGHCVSS 7.1fixed in 18.4.52022-09-30

CVE-2022-20850 [MEDIUM] CWE-22 CVE-2022-20850: A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software cou A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path in

CVE-2022-20930MEDIUMCVSS 6.7fixed in 20.6.2v20.8+1 more2022-09-30

CVE-2022-20930 [MEDIUM] CWE-88 CVE-2022-20930: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful