URL has been copied successfully!
Cisco warns of an actively exploited SD-WAN flaw with max severity
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Cisco warns of an actively exploited SD-WAN flaw with max severity


Tags: , , , , , , , , , , , , , , , , , , ,

root user account,” Cisco said. “Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.”The issue, tracked as CVE-2026-20182, received a max-severity rating of CVSS 10.0. The company said that the issue is configuration-independent, meaning vulnerable systems remain exposed regardless of deployment-specific settings.Cisco credited Stephen Fewer, Senior Principal Security Researcher, and Jonah Burgess, Senior Security Researcher, both of Rapid7, for discovering and reporting the bug. Active exploitation kicks patching into high gear: Cisco disclosed being aware of exploitation attempts in May, urging customers to upgrade to a fixed release immediately.Shortly after the disclosure, the flaw was added to the Cybersecurity and Infrastructure Security Agency’s (CISA) known exploited vulnerabilities catalog (KEV). “Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available,” it said.The US cybersecurity watchdog has given federal executive agencies until May 17th to patch the flaw.”Customers are advised to upgrade to an appropriate fixed software release,” Fewer and Burgess said in a blog post, citing fixed software releases that address the flaw in versions 20.9 through 26.1.1. “There are no workarounds that address this vulnerability.”Alongside software fixes, Cisco published operational guidance to help organizations identify potentially malicious control connections.The advisory instructed admins to review existing control peering relationships, using the “show control connections” command, and validate all connected peers, particularly those associated with SD-WAN Manager systems.Organizations that suspect compromise are being advised to contact Cisco Technical Assistance Center support and collect diagnostic information from affected devices.

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4171694/cisco-warns-of-an-actively-exploited-sd-wan-flaw-with-max-severity.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Cisco Firewall and VPN Zero Day Attacks: CVE-2025-20333 and CVE-2025-20362
  2. Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as Orgs Are Urged To Patch Cisco Zero-Days
  3. F5 Security Incident Advisory
  4. What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure