Feed›Vulnerability›Cisco warns of unpatched SD-WAN zero-day exploited in attack...

VulnerabilityBleeping Computer

10.0 — CRITICAL

Cisco warns of unpatched SD-WAN zero-day exploited in attacks

📅 5 June 2026 at 06:24 UTC📰 Bleeping ComputerView original source ↗

On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. [...]

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A high-severity, unpatched zero-day vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager has been actively exploited in attacks, allowing local attackers with low privileges to execute arbitrary commands as root. This is the latest in a series of vulnerabilities in Cisco SD-WAN products that have been exploited in recent months.

⚙️Technical Details

💥Impact Assessment

Severity: Critical

🛡️Recommended Actions

1Apply the latest security patches for CVE-2026-20245 as soon as possible

2Monitor system logs for suspicious activity and report any potential incidents to Cisco TAC

3Verify that all SD-WAN devices are up-to-date with the latest software fixes

📦Affected Products

Cisco Catalyst Sd-Wan ManagerCisco Sd-Wan Vsmart ControllerCisco Catalyst SD-WAN Manager

🔐NVD Verified DataVERIFIED

CVE-2026-20245 ↗CVSS 7.8 — HIGH

Attack Vector

LOCAL

Complexity

LOW

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-116

CVE-2026-20182 ↗CVSS 10 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses

CWE-287

Affected Products (CPE)

Cisco Catalyst Sd-Wan ManagerCisco Sd-Wan Vsmart Controller

Advisories

📋 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityA…

CVE-2026-20127 ↗CVSS 10 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses

CWE-287

Affected Products (CPE)

Cisco Catalyst Sd-Wan ManagerCisco Sd-Wan Vsmart Controller

Advisories

📋 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityA…

CVE-2026-20133 ↗CVSS 7.5 — HIGH

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses

CWE-200

Affected Products (CPE)

Cisco Catalyst Sd-Wan Manager

Advisories

📋 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityA…

CVE-2026-20128 ↗CVSS 7.5 — HIGH

Attack Vector

LOCAL

Complexity

HIGH

Vector String

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Weaknesses

CWE-257

Affected Products (CPE)

Cisco Catalyst Sd-Wan Manager

Advisories

📋 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityA…

Read the full article

This is a curated summary. The complete article is available at Bleeping Computer.

Read on Bleeping Computer ↗

← Back to feed