CVE-2026-20245 Zero-Day Exploited in Cisco Catalyst SD-WAN Manager to Gain Root Access
ID: bbb7dd0f-607a-50b9-a33b-604e95954ea5
STIX ID: report--bbb7dd0f-607a-50b9-a33b-604e95954ea5
Feed Name: The Cyber Express
Mandiant reported that a threat actor exploited a newly disclosed zero-day (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager by uploading a crafted CSV (evil_tenant.csv) to escalate privileges to root, create a troot account, exfiltrate SD-WAN fabric configurations, and perform extensive anti-forensic cleanup; recovered indicators include the SHA-256 b82936f37648518425c7d3cf9e09eaffa41d7cdb3840f6a40287e3a108880f7b and multiple rogue IP addresses, and Cisco has published patched versions and hardening guidance.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
