Exposures › CVE-2026-20128
Cisco Catalyst SD-WAN Manager stores passwords in a recoverable format, allowing local attackers to escalate privileges by reading credential files.
This vulnerability enables local privilege escalation by exposing password files in a recoverable format, which poses a significant risk to DIB organizations relying on Cisco SD-WAN infrastructure for secure communications. While not a remote exploit, the local access vector combined with the recoverable password storage creates a high embarrassment score due to the avoidable nature of the flaw and its direct impact on authentication integrity.
Shame score — The vulnerability stems from a design flaw where passwords are stored in a recoverable format, which is a preventable security misconfiguration that undermines trust in Cisco's SD-WAN security posture.
Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.
| Product | Provider | Status | Match |
|---|---|---|---|
| AppDynamics GovAPM | AppDynamics (a Cisco company) | Authorized | dex-judge · 0.95 |
| Cisco Cloudlock for Government | Cisco Systems Inc. | Authorized | vendor-exact · 0.90 |
| Cisco Meraki for Government | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Cisco SD-WAN for Government | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Cisco Umbrella for Government | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Cisco Unified Communications Manager Cloud for Government (Cisco UCM Cloud for Government) | Cisco Systems Inc. | Authorized | vendor-exact · 0.90 |
| Duo Federal | Duo Security (A Cisco Company) | Authorized | dex-judge · 0.95 |
| WebEx Contact Center Enterprise for Government (WxCCE-G) | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Webex for Government | Cisco Systems Inc. | Authorized | vendor-exact · 0.90 |