Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure
ID: 11097408-1172-5b23-9217-ae0bbcd4f34f
STIX ID: report--11097408-1172-5b23-9217-ae0bbcd4f34f
Feed Name: Dark Reading
Mandiant reports that attackers began exploiting a critical privilege-escalation flaw (CVE-2026-20245) in Cisco Catalyst SD-WAN as early as March 2026, often after gaining initial access via rogue peering—likely through previously disclosed SD-WAN zero-days or stolen credentials—allowing authenticated attackers to execute arbitrary commands as root; the intrusions included extensive anti-forensic activity, CISA added the CVE to its known exploited vulnerabilities list, and Cisco released patches and hardening guidance.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
