logo

The hits keep on coming for Cisco vulnerabilities

ID: 62fd2e12-4750-5244-9658-90f1ad4e4aad

STIX ID: report--62fd2e12-4750-5244-9658-90f1ad4e4aad

Feed Name: The Register (Security)

Threat Score
85/100

Date Published: 2026-06-24

Date Updated: 2026-06-25

...
...

Two Cisco vulnerabilities are being actively exploited in the wild: CVE-2026-20230 (a WebDialer SSRF in Unified Communications Manager used to deploy a rogue Axis service and JSP file-writers) and CVE-2026-20245 (an SD-WAN zero-day that attackers used to escalate a compromised admin account to root, create a persistent 'troot' account, and exfiltrate SD‑WAN fabric configurations). Security firms Defused and Mandiant observed exploitation activity, including abuse of SD‑WAN peering/SSH for initial access and crafted payload uploads, posing significant risk to network visibility and long-term espionage on affected environments.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.