logo

Cisco SD-WAN Zero-Day Exploited in Attacks

ID: a94cd5a2-ce8b-59ce-9296-2cb55882969f

STIX ID: report--a94cd5a2-ce8b-59ce-9296-2cb55882969f

Feed Name: securityonline.info

Threat Score
88/100

Date Published: 2026-06-26

Date Updated: 2026-06-26

Author: Do Son

...
...

Mandiant documented an active exploitation of a Cisco Catalyst SD-WAN Manager zero-day (CVE-2026-20245) that allowed attackers to escalate from a compromised admin account to root by uploading a crafted CSV to bypass file-upload filtering and manipulating default credentials; the intrusion targeted a service provider, included anti-forensic actions, and the report urges immediate upgrades to specified fixed releases, active IOC hunting (e.g., using `request admin-tech`), and contacting Cisco TAC if suspicious activity is found.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.