Thursday, June 25, 2026AboutContactDisclaimerAdvertiseNewsletterWrite for Us
Subscribe Free
Home
LIVE
Back to Home
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
Cybersecurity
AI-assisted

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

T
Techpivo News
·1 min read·0 views
This article was produced with the assistance of AI technology (gemini-grounded). It has been reviewed and edited by our editorial team to ensure accuracy and quality.
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access  Ravie Lakshmanan  Jun 25, 2026 Vulnerability / Threat Intelligence An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privileges by supplying a crafted file to the affected system by taking advantage of the device's insufficient validation of user-supplied input. Earlier this month, Cisco acknowledged that it became aware of exploitation of this vulnerability, adding that a malicious actor must have netadmin privileges on an affected system to pull off a successful attack. "Throughout the intrusion, to maintain operational security and avoid detection, the threat actor consistently employed anti-forensic techniques, selectively deleting and restoring system configuration files that were modified during their activities," Mandiant researchers Chester Sng, Pete Boonyakarn, and Logeswaran Nadarajan said . The incident, the tech giant's incident response and threat intelligence arm added, targeted an unspecified communications service provider to elevate a compromised admin account to full root-level access. Two distinct periods of unauthorized activity have been detected, one taking place between late 2025 and January 2026 and the other in March 2026. At this stage, it's unclear if these two events are connected and the work of the same threat actor. During the first wave, the victim is said to have experienced unauthorized peering connections that likely exploited one of two authentication bypass flaws in Cisco Catalyst SD-WAN controllers ( CVE-2026-20127 or CVE-2026-20182 ). It's worth noting that both the security vulnerabilities were undisclosed
T
View Profile

Related Articles

Google releases new privacy controls for activity history, personalization

Jun 24, 2026·2 min read

Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks

Jun 23, 2026·1 min read

FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation

Jun 23, 2026·1 min read

Comments

We use cookies and similar technologies to improve your experience, analyze traffic, and personalize content. By clicking “Accept All”, you consent to our use of cookies. See our Cookies Policy for details.