logo

Cisco customers encounter another SD-WAN zero-day under attack

ID: f880d4cb-8a17-54d6-95bc-8f24ba9fa7c4

STIX ID: report--f880d4cb-8a17-54d6-95bc-8f24ba9fa7c4

Feed Name: CyberScoop

Threat Score
75/100

Date Published: 2026-06-09

Date Updated: 2026-06-10

Author: Matt Kapko

...
...

Cisco disclosed an actively exploited zero-day (CVE-2026-20245) in Catalyst SD‑WAN Manager that allows authenticated or local attackers to perform command-injection leading to root-level command execution; a patch is not yet available, Cisco provided limited indicators of compromise, and exploitation appears to often require valid credentials or chaining from earlier SD‑WAN vulnerabilities (e.g., CVE-2026-20182 / CVE-2026-20127).

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.