Attackers Exploited Cisco SD-WAN Critical Flaw Two Months Before Disclosure

By Jai Vijayan

Summary

Google's Mandiant threat intelligence team reported that attackers began exploiting a critical privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Controller as early as March 2026, roughly two months before Cisco disclosed the flaw in June. The vulnerability allows attackers with administrator credentials to escalate privileges to root-level access due to insufficient input validation in the CLI. Researchers believe rogue peering was used to connect to victims' SD-WAN devices to gain admin privileges and root-level access.

Source

Attackers Exploited Cisco SD-WAN Critical Flaw Two Months Before Disclosure (darkreading.com)

Key quotes

Attackers began exploiting a critical flaw in Cisco Catalyst SD-WAN as early as March, roughly two months before Cisco disclosed the vulnerability in early June.
The vulnerability, assigned as CVE-2026-20245, allows an attacker who already has administrator credentials on an affected system to escalate privileges to root-level access.
The vulnerability stems from insufficient input validation and affects the command line interface of Cisco Catalyst SD-WAN Controller.
Researchers believe rogue peering was used to connect to the victim's SD-WAN devices to gain admin privileges and root-level access.