A vulnerability in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain DCA user privileges on an affected system. This vulnerability is due to the presence of a credential file for the DCA user on an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request and reading the file that contains the DCA password from that affected system. A successful exploit could allow the attacker to access another affected system and gain DCA user privileges.

Note: Cisco Catalyst SD-WAN Manager releases 20.18 and later are not affected by this vulnerability.

| Vendor | Product | Versions |
|---|---|---|
| cis | catalyst_sd-wan_manager | 20.1.12, 19.2.1, 18.4.4, 18.4.5, 20.1.1.1, 20.1.1, 19.3.0, 19.2.2, 19.2.099, 18.3.6, 18.3.7, 19.2.0, 18.3.8, 19.0.0, 19.1.0, 18.4.302, 18.4.303, 19.2.097, 19.2.098, 17.2.10, 18.3.6.1, 19.0.1a, 18.2.0, 18.4.3, 18.4.1, 17.2.8, 18.3.3.1, 18.4.0, 18.3.1, 17.2.6, 17.2.9, 18.3.4, 17.2.5, 18.3.1.1, 18.3.5, 18.4.0.1, 18.3.3, 17.2.7, 18.3.0, 19.2.3, 18.4.501_ES, 20.3.1, 20.1.2, 19.2.929, 19.2.31, 20.3.2, 19.2.32, 20.3.2.1, 20.3.2.1_927, 18.4.6, 20.3.2_928, 20.3.2_929, 20.4.1.0.1, 20.3.2.1_930, 19.2.4, 20.5.0.1.1, 20.4.1.1, 20.3.3, 19.2.4.0.1, 20.3.2_937, 20.5.1, 20.1.3, 20.3.3.0.4, 20.3.3.1.2, 20.3.3.1.1, 20.4.1.2, 20.3.3.0.2, 20.4.1.1.5, 20.4.1.0.02, 20.3.3.1.7, 20.3.3.1.5, 20.5.1.0.1, 20.3.3.1.10, 20.3.3.0.8, 20.4.2, 20.3.4, 20.3.3.0.14, 19.2.4.0.8, 19.2.4.0.9, 20.3.4.0.1, 20.3.2.0.5, 20.5.1.0.2, 20.6.1.1, 20.6.0.18.3, 20.3.2.0.6, 20.6.0.18.4, 20.4.2.0.2, 20.3.3.0.16, 20.6.1.0.1, 20.3.4.0.6, 20.7.1EFT2, 20.3.4.0.9, 20.3.4.0.11, 20.3.3.0.18, 20.6.2.1, 20.3.4.1, 20.4.2.1, 20.4.2.1.1, 20.3.4.1.1, 20.3.813, 20.3.4.0.19, 20.4.2.2.1, 20.5.1.2, 20.3.814, 20.4.2.2, 20.6.2.2, 20.3.4.2.1, 20.3.4.1.2, 20.3.4.0.20, 20.6.2.2.3, 20.4.2.2.2, 20.6.2.0.4, 20.3.4.0.24, 20.6.2.2.7, 20.3.4.2.2, 20.4.2.2.4, 20.3.5.0.8, 20.3.5.0.9, 20.3.5.0.7, 20.6.3.0.2, 20.9.1EFT2, 20.3.6, 20.3.7, 20.4.2.3, 20.3.5.1, 20.3.4.3, 20.3.3.2, 20.3.7.1, 20.3.4.0.25, 20.6.2.2.4, 20.6.1.2, 20.1.3.1, 20.6.5.1.4, 20.3.8, 20.12.501, 26.1.1 |

Downstream vendors/products affected by this vulnerability

| Vendor | Product | Source | Confidence |
|---|---|---|---|
| cis | catalyst sd-wan | cert_advisory | 90% |

Marked exploit availability as true and added new CVE tags for related vulnerabilities.

Initial creation