KB-2370 Information about the Cisco Adaptive Security Appliance vulnerability (CVE-2026-20127 and CVE-2022-20775)

pauline.delacruz — Wed, 04 Mar 2026 20:17:48 GMT

Current Revision posted to Appian Knowledge Base by pauline.delacruz on 3/4/2026 8:17:48 PM

On 28 September 2022, Cisco released a security advisory regarding a vulnerability within their software-defined wide-area-networking (SD-WAN) product causing potential privilege escalation. On 25 February 2026, Cisco updated their advisory, stating that they had witnessed attempted exploitation of the previous vulnerabilities, and on the same day, CISA released an Emergency Directive requiring all federal agencies and contractors to identify and mitigate the vulnerabilities identified in the advisory.

Appian has investigated these vulnerabilities and services and determined that it is not impacted, as we do not use Cisco SD-WAN. We will continue to monitor the situation and provide any updates as appropriate.

Additional Notes:

The following CVEs were released with additional information on the scope of the vulnerability:

CVE-2026-20127 - (Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability)
CVE-2022-20775 - (Cisco SD-WAN Software Privilege Escalation Vulnerability)

Supporting Documentation

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: March 3, 2026

Tags: Security

KB-2370 Information about the Cisco Adaptive Security Appliance vulnerability (CVE-2026-20127 and CVE-2022-20775)

pauline.delacruz — Wed, 04 Mar 2026 20:17:29 GMT

Revision 3 posted to Appian Knowledge Base by pauline.delacruz on 3/4/2026 8:17:29 PM

Additional Notes:

The following CVEs were released with additional information on the scope of the vulnerability:

CVE-2026-20127 - (Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability)
CVE-2022-20775 - (Cisco SD-WAN Software Privilege Escalation Vulnerability)

Supporting Documentation

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: Mar 3, 2026

KB-2370 Information about the Cisco Adaptive Security Appliance vulnerability (CVE-2026-20127 and CVE-2022-20775)

pauline.delacruz — Wed, 04 Mar 2026 20:17:21 GMT

Revision 2 posted to Appian Knowledge Base by pauline.delacruz on 3/4/2026 8:17:21 PM

Additional Notes:

The following CVEs were released with additional information on the scope of the vulnerability:

CVE-2026-20127 - (Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability)
CVE-2022-20775 - (Cisco SD-WAN Software Privilege Escalation Vulnerability)

Supporting Documentation

https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-sd-wan-priv-E6e8tEdF.html

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: Mar 3, 2026

KB-2369 Information about the Cisco Adaptive Security Appliance vulnerability (CVE-2026-20127 and CVE-2022-20775)

pauline.delacruz — Wed, 04 Mar 2026 20:16:59 GMT

Revision 1 posted to Appian Knowledge Base by pauline.delacruz on 3/4/2026 8:16:59 PM

Additional Notes:

The following CVEs were released with additional information on the scope of the vulnerability:

CVE-2026-20127 - (Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability)
CVE-2022-20775 - (Cisco SD-WAN Software Privilege Escalation Vulnerability)

Supporting Documentation

https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-sd-wan-priv-E6e8tEdF.html

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: Mar 3, 2026