Ethical Hacking News
Cybersecurity researchers have discovered a high-severity vulnerability in Cisco's Catalyst SD-WAN Manager, which has come under active exploitation. The vulnerability carries a CVSS score of 7.8 out of a maximum of 10.0 and affects multiple deployment types. There is currently no patch available for CVE-2026-20245, but Cisco recommended that customers upgrade their SD-WAN software to ensure they have applied the fixes released for CVE-2026-20182 on May 14, 2026.
Cisco's Catalyst SD-WAN Manager has a high-severity vulnerability (CVE-2026-20245) with a CVSS score of 7.8. The vulnerability allows for command injection attacks and privilege elevation due to insufficient user-supplied input validation. Netadmin privileges are required to exploit the vulnerability, which can be done using valid credentials or other previously disclosed vulnerabilities. No patch is currently available for CVE-2026-20245, but customers should upgrade their SD-WAN software to apply fixes for CVE-2026-20182. Internet-exposed systems are at heightened risk of compromise due to this vulnerability.
Cybersecurity researchers have recently discovered a high-severity vulnerability in Cisco's Catalyst SD-WAN Manager, which has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0 and affects the following deployment types: On-Prem Deployment, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP).
According to an advisory released by Cisco, the vulnerability is due to insufficient validation of user-supplied input, which can be exploited by uploading a crafted file to the affected system. This could permit an attacker to perform command injection attacks and elevate their privileges as the root user.
The network security company stated that to exploit this vulnerability, the attacker must have netadmin privileges on the affected system. The researcher added that the threat actors are likely exploiting the vulnerability using valid credentials or other previously disclosed vulnerabilities, such as CVE-2026-20182 and CVE-2026-20127, which were also found to be exploited in the wild as zero-days.
Fortunately, there is currently no patch available for CVE-2026-20245. However, Cisco recommended that customers upgrade their SD-WAN software to ensure they have applied the fixes released for CVE-2026-20182 on May 14, 2026.
Furthermore, internet-exposed systems are at heightened risk of compromise due to this vulnerability. To identify potential indicators of compromise (IoCs), users can check the "/var/log/scripts.log" file for entries like the ones found in the logs from vManage.
In related news, another high-severity security flaw in Unified Communications Manager was disclosed by Cisco earlier in the month and has been assessed to have a CVSS score of 8.6. The company stated that there is no evidence that this vulnerability is currently under active exploitation.
Threat actors are continuously evolving their tactics, which necessitates continuous vigilance and proactive measures for network security professionals. Keeping up-to-date with the latest vulnerabilities and patches can help prevent such exploits from occurring in the first place.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-Catalyst-SD-WAN-Manager-Vulnerability-A-High-Severity-Flaw-Under-Active-Exploitation-ehn.shtml
https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-manager-cve-2026.html
https://nvd.nist.gov/vuln/detail/CVE-2026-20245
https://www.cvedetails.com/cve/CVE-2026-20245/
https://nvd.nist.gov/vuln/detail/CVE-2026-20182
https://www.cvedetails.com/cve/CVE-2026-20182/
https://nvd.nist.gov/vuln/detail/CVE-2026-20127
https://www.cvedetails.com/cve/CVE-2026-20127/
Published: Sat Jun 6 01:23:31 2026 by llama3.2 3B Q4_K_M
