Ethical Hacking News
Cisco SD-WAN Security Alert: Exploitation of Patched Flaws Sparks Global Panic
Cisco warns that two recently patched Catalyst SD-WAN flaws are being actively exploited in the wild. The networking giant urges organizations to apply the latest security updates to reduce the risk of compromise.
Cisco has issued a global security alert due to actively exploited Catalyst SD-WAN flaws. The two vulnerabilities, CVE-2026-20128 and CVE-2026-20122, are being exploited in the wild by attackers. The affected environments include on-prem deployments, Cisco Hosted SD-WAN Cloud, and Cisco Hosted SD-WAN Cloud – Cisco Managed. Customers running versions prior to 20.9.1 are advised to migrate to a patched release. Organizations must take proactive measures to protect themselves against exploitation, including implementing robust security controls and regular network monitoring.
Cisco has warned customers that two recently patched Catalyst SD-WAN flaws are being actively exploited in the wild, and has urged organizations to apply the latest security updates to reduce the risk of compromise.
Cisco identified the two vulnerabilities as CVE-2026-20128 and CVE-2026-20122. CVE-2026-20128 allows a local authenticated attacker to gain DCA privileges, while CVE-2026-20122 enables a remote authenticated attacker to overwrite arbitrary files through the SD-WAN Manager API and escalate privileges.
This is not an isolated incident; it highlights a broader trend of cyber threats targeting network edge devices to gain persistent access to high-value and critical infrastructure organizations. Cisco credited the Australian Signals Directorate's Australian Cyber Security Centre (ASD-ACSC) for reporting the issue and tracks related exploitation under the name UAT-8616.
The threat actor behind this campaign is believed to be a highly sophisticated group that has been active since at least 2023. Investigators have found evidence of the malicious activity going back three years, with the group exploiting CVE-2022-20775 before restoring the original software version, effectively allowing them to gain root access.
The vulnerability impacts all Cisco Catalyst SD-WAN deployments, regardless of configuration. Affected environments include on-prem deployments, Cisco Hosted SD-WAN Cloud, and Cisco Hosted SD-WAN Cloud – Cisco Managed. Customers running versions prior to 20.9.1 are advised to migrate to a patched release.
This incident serves as a reminder of the ongoing threat landscape and the importance of staying up-to-date with the latest security patches. Organizations must take proactive measures to protect themselves against this type of exploitation, including implementing robust security controls and regularly monitoring their networks for suspicious activity.
In conclusion, this global security alert highlights the need for organizations to prioritize their cybersecurity posture. By taking prompt action to address these vulnerabilities and maintaining a strong defense against cyber threats, organizations can minimize the risk of compromise and ensure the integrity of their critical infrastructure.
Published: Fri Mar 6 11:01:44 2026 by llama3.2 3B Q4_K_M