Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based informatio…
- Scope: At the time of publication, this vulnerability affected Cisco Catalyst SD-WAN Manager, regardless of device configuration.
- Release 20.12 (first fixed: 20.12.5.3)
- Release 20.12.6.1 (first fixed: 20.131)
- Release Migrate to a fixed release (first fixed: 20.141)
- Release Migrate to a fixed release (first fixed: 20.15)
- Release 20.15.4.2 (first fixed: 20.15.5)
- 20.161 — Migrate to a fixed release
- Release 20.18 (first fixed: 20.18.2.1)
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
- 20.12.5.3
- 20.131
- 20.141
- 20.15
- 20.15.5
- 20.18.2.1
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
- Upgrade to the first fixed release for your train per the Fixed Releases table in this advisory.
- Release 20.12: upgrade to 20.12.5.3.
- Release 20.12.6.1: upgrade to 20.131.
- Release Migrate to a fixed release: upgrade to 20.141.
- Release Migrate to a fixed release: upgrade to 20.15.
- Release 20.15.4.2: upgrade to 20.15.5.
- Release 20.161: migrate to a fixed release.
- Release 20.18: upgrade to 20.18.2.1.
- There are no workarounds that address this vulnerability.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.