Cisco warns of unpatched SD-WAN zero-day exploited in attacks

Cisco warned that CVE-2026-20245 is an actively exploited zero-day in Cisco Catalyst SD-WAN Manager that can let low-privileged attackers escalate to root by uploading a crafted file. The flaw affects multiple deployment types, and Cisco recommends checking logs for suspicious tenant upload activity while waiting for a patch. #CVE-2026-20245 #CiscoCatalystSDWANManager #Mandiant #CiscoPSIRT #vManage

Key points

  • CVE-2026-20245 is a high-severity zero-day in Cisco Catalyst SD-WAN Manager.
  • Attackers can gain root privileges by uploading a crafted file.
  • The flaw affects on-prem, cloud, and FedRAMP SD-WAN deployments.
  • Cisco says exploitation requires netadmin privileges or related credentials.
  • Admins should review /var/log/scripts.log and contact Cisco TAC if compromise is suspected.

Read More: https://www.bleepingcomputer.com/news/security/new-cisco-sd-wan-flaw-exploited-in-zero-day-attacks-to-gain-root/