Cisco Catalyst SD-WAN Manager Cross-Site Scripting Vulnerability
Monitor5.4cisco-sa-vmanage-xss-ZqkhP9W9Mar 25, 2026
Cisco
IT in OT - Cisco networking products are commonly deployed in OT environments
Attack path
Attack VectorNetwork
Auth RequiredLow
ComplexityLow
User InteractionRequired
Summary
A cross-site scripting (XSS) vulnerability in the Cisco Catalyst SD-WAN Manager web-based management interface could allow an authenticated, remote attacker to execute arbitrary script code in the context of a user's browser session or access sensitive information. The vulnerability is due to insufficient input validation. An attacker could exploit this by crafting a malicious link and persuading a manager to click it while logged into the interface.
What this means
What could happen
An attacker with network access could trick a manager into clicking a malicious link, allowing them to execute commands in the manager's browser or steal sensitive configuration data displayed in the web interface.
Who's at risk
Network operators and engineers managing Catalyst SD-WAN infrastructure should prioritize this. It affects anyone with administrative access to the SD-WAN management interface, particularly in organizations where SD-WAN is used for WAN edge routing and site-to-site connectivity.
How it could be exploited
An attacker crafts a malicious link containing XSS payload and sends it to a network engineer or administrator managing the SD-WAN system. When the user clicks the link and is logged into the management interface, the attacker's script executes in their browser session, potentially allowing data theft or further network compromise.
Prerequisites
- Authenticated user (valid engineer or admin credentials for the management interface)
- User must be logged into the Cisco Catalyst SD-WAN Manager web interface
- User must click attacker-supplied malicious link
remotely exploitablerequires valid credentialsrequires user interaction (clicking link)cross-site scripting can lead to credential theft or further network access
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
ProductAffected VersionsFix Status
Catalyst SD-WAN ManagerAll versionsFix available
Remediation & Mitigation
0/3
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate Cisco Catalyst SD-WAN Manager to the latest patched version from Cisco
Long-term hardening
0/2HARDENINGRestrict web-based management interface access to trusted networks or administrative VLANs using firewall rules
HARDENINGRequire multi-factor authentication (MFA) for all SD-WAN Manager administrative accounts
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/8aca44d6-e321-4f99-b53a-d70cfa4fa33bGet OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.