Malicious hackers exploit Cisco zero-day for highest access level at communications service provider

Mandiant said an attacker used a previously unknown Cisco zero-day vulnerability to compromise a communications service provider and gain root-level access inside its network. The campaign targeted Cisco Catalyst SD-WAN Manager and related edge devices, with evidence of stealthy activity, unauthorized peering connections, password manipulation, and a rogue account named “troot.” #Cisco #Mandiant #CiscoCatalystSDWANManager #CVE-2026-20245 #CVE-2026-20127 #CVE-2026-20182

Key points

  • An attacker exploited an unpatched Cisco vulnerability to breach a communications service provider.
  • The compromise gave the attacker root-level access and broad visibility into internal network traffic.
  • Mandiant said the activity was carefully hidden, limiting full assessment of the breach.
  • The intrusion targeted Cisco Catalyst SD-WAN Manager and other edge devices in two waves.
  • Cisco later patched the flaw and urged customers to upgrade to a fixed release.

Read More: https://cyberscoop.com/cisco-sd-wan-zero-day-exploit-communications-provider/