Cisco Warns of Active Exploitation of Catalyst SD-WAN Flaw With No Patch Available
ID: e8443bd6-d963-50d4-b8c2-e07c123e1b18
STIX ID: report--e8443bd6-d963-50d4-b8c2-e07c123e1b18
Feed Name: The Cyber Express
Cisco has disclosed CVE-2026-20245, a high-severity CLI input-validation vulnerability in Catalyst SD-WAN Manager that permits authenticated netadmin users to execute arbitrary commands as root; the flaw carries a CVSS 3.1 base score of 7.8, is being actively exploited in the wild, and currently has no patch. Attackers are chaining this bug with two other CVEs to obtain initial access and escalate privileges, which can allow malicious configuration pushes to thousands of edge devices across enterprise, MSP, and carrier environments; Cisco recommends restricting CLI access, enabling MFA, limiting file uploads, monitoring logs, isolating the management plane, and applying the patch when released.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
