Cisco SD-WAN Solution vManage SQL Injection Vulnerability
Description
A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on, or return values from, the underlying database as well as the operating system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco SD-WAN vManage web UI SQL injection allows authenticated remote attackers to modify or retrieve database and OS values.
Vulnerability
The vulnerability exists in the web UI of Cisco SD-WAN Solution vManage software. The web UI improperly validates SQL values, leading to SQL injection. Affected versions are those earlier than Release 19.2.2 [1].
Exploitation
An attacker must be authenticated to the application. The attacker can then send malicious SQL queries to the affected system [1].
Impact
A successful exploit allows the attacker to modify values on, or return values from, the underlying database as well as the operating system [1].
Mitigation
Cisco released a fix in Release 19.2.2. No workarounds are available [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200318-vmanage-cypher-injectmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.