Cisco SD-WAN Zero-Day Exploited in Attacks
ID: a94cd5a2-ce8b-59ce-9296-2cb55882969f
STIX ID: report--a94cd5a2-ce8b-59ce-9296-2cb55882969f
Feed Name: securityonline.info
Mandiant documented an active exploitation of a Cisco Catalyst SD-WAN Manager zero-day (CVE-2026-20245) that allowed attackers to escalate from a compromised admin account to root by uploading a crafted CSV to bypass file-upload filtering and manipulating default credentials; the intrusion targeted a service provider, included anti-forensic actions, and the report urges immediate upgrades to specified fixed releases, active IOC hunting (e.g., using `request admin-tech`), and contacting Cisco TAC if suspicious activity is found.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
