{
  "title": "Cisco Catalyst SD-WAN Manager CVE-2026-20245: KEV CLI Privilege Escalation to Root",
  "summary": "CISA added Cisco Catalyst SD-WAN Manager CVE-2026-20245 to its KEV catalog on 2026-06-09. This high-severity privilege escalation vulnerability in the CLI allows authenticated local attackers with netadmin privileges to execute arbitrary commands as the root user by uploading a crafted file.",
  "date": "2026-06-09",
  "severity": "high",
  "tags": [
    "cisco",
    "sd-wan",
    "cisa-kev",
    "privilege-escalation",
    "zero-day"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "cisco-sdwan-manager-cve-2026-20245-kev",
    "since": "2026-06-09T00:00:00Z",
    "until": "2026-06-09T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-20245",
      "CVE-2026-20182",
      "CVE-2026-20127"
    ],
    "cwes": [
      "CWE-116"
    ],
    "advisoryIds": [],
    "products": [
      "Catalyst SD-WAN Manager"
    ],
    "packages": [
      "cisco-sdwan-manager"
    ],
    "versions": [],
    "affectedVersions": [
      "All current Catalyst SD-WAN Manager releases"
    ],
    "fixedVersions": [
      "None (patch pending as of 2026-06-10)"
    ],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": [
      "vconfd_script_upload_tenant_list.sh",
      "/var/log/scripts.log"
    ]
  }
}