Yet another Cisco SD-WAN 0-day under attack, and no patch in sight


Good luck, sys admins

The threat is real. Unknown miscreants are exploiting a high-severity, zero-day bug in Cisco’s SD-WAN management software, and the networking giant hasn’t said when it will patch the flaw.

Cisco issued an advisory on Thursday for the Catalyst SD-WAN Manager vulnerability, tracked as CVE-2026-20245, and it sounds like attackers have been exploiting this security failure for at least the last week.

The flaw stems from a validation error: the software fails to properly validate user-supplied input. An authenticated, local attacker can exploit it by uploading a specially crafted file to a vulnerable system. From there, they can escalate privileges and execute commands as root.

The vulnerability affects all versions of the SD-WAN software, regardless of device configuration, and across all deployment types including on-premises, cloud-based, and FedRAMP-certified deployments.

Switchzilla says it became aware of attacks against this vulnerability in June.

“To exploit this...

Copyright of this story solely belongs to theregister.com.
