CVE-2026-20245: Cisco SD-WAN Manager Zero-Day Enables Root Command Execution
ID: dc253038-4301-56fd-a7f3-86fbf7757db8
STIX ID: report--dc253038-4301-56fd-a7f3-86fbf7757db8
Feed Name: SOC Prime Blog
**Executive Summary:** Cisco disclosed CVE-2026-20245, a command-injection zero-day in the CLI of Catalyst SD-WAN Manager allowing an authenticated netadmin to execute arbitrary commands as root by uploading a crafted file; limited active exploitation was observed that resulted in configuration changes pushed to edge devices. No patch was available at disclosure, so recommended actions focus on evidence preservation (admin-tech collection), reviewing Cisco-published log indicators, verifying edge-device configurations, remediating related SD‑WAN access flaws, and engaging Cisco TAC if compromise is confirmed.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
