logo

Cisco Vulnerability Exploited Months Before Disclosure, Google Warns

ID: dbe8afc9-7897-5ef2-9f48-b3060753e8ce

STIX ID: report--dbe8afc9-7897-5ef2-9f48-b3060753e8ce

Feed Name: Infosecurity Magazine (News)

Threat Score
88/100

Date Published: 2026-06-25

Date Updated: 2026-06-25

...
...

Google/Mandiant researchers observed threat actors exploiting multiple Cisco Catalyst SD‑WAN vulnerabilities — including a high‑severity zero‑day (CVE‑2026‑20245) that allowed root command execution via a malicious CSV upload and unauthorized peering/credential theft that enabled SSH access — to gain persistent, stealthy control of SD‑WAN infrastructure; Cisco disclosed the issue in early June and began releasing fixes after exploitation had already occurred months earlier.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.