Ethical Hacking News
Cisco has confirmed two more vulnerabilities in its SD-WAN management software, which could allow attackers to overwrite arbitrary files or gain unauthorized access to systems. Network administrators are advised to patch their deployments as soon as possible to prevent further exploitation.
Cisco has confirmed two new vulnerabilities in its SD-WAN management software, CVE-2026-20122 and CVE-2026-20128. CVE-2026-20122 allows an authenticated remote attacker to overwrite arbitrary files, and CVE-2026-20128 allows an authenticated local attacker to gain Data Collection Agent (DCA) user privileges. Attackers are already exploiting the flaws, according to Cisco's PSIRT. The company is urging network administrators to patch their SD-WAN deployments quickly to prevent further exploitation.
Cisco, a leading provider of networking equipment and services, has recently confirmed that two more vulnerabilities have been discovered in its SD-WAN management software. The newly identified flaws, CVE-2026-20122 and CVE-2026-20128, affect the Cisco Catalyst SD-WAN Manager platform, which is widely used by organizations to manage their SD-WAN deployments.
According to Cisco's PSIRT (Product Security Incident Response Team), the two vulnerabilities were discovered in March 2026, just days after governments from the Five Eyes intelligence alliance warned that attackers were actively targeting Cisco's Catalyst SD-WAN infrastructure using two different vulnerabilities. One of the newly confirmed flaws, CVE-2026-20122, carries a CVSS score of 7.1 and allows an authenticated remote attacker to overwrite arbitrary files on the local filesystem. The second issue, CVE-2026-20128, is a lower-rated information disclosure flaw with a CVSS score of 5.5 that could allow an authenticated local attacker to gain Data Collection Agent (DCA) user privileges on an affected system.
In an advisory published this week, Cisco confirmed that attackers are already abusing the flaws: "In March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only."
This latest development comes as a surprise to many network administrators, who may have thought that Cisco's patch queue had finally shrunk. However, with the number of vulnerabilities under active attack now growing, defenders running Cisco's SD-WAN gear are facing an increasingly urgent patch window.
As usual with these sorts of notices, Cisco offered little detail about how the flaws are being exploited or who is behind the attacks. The company also declined to say whether the activity is linked to a cyberbaddie it warned about just days earlier. However, experts speculate that the lack of information from Cisco may be a deliberate tactic to avoid revealing sensitive details about its internal systems.
The warning comes as governments and intelligence agencies around the world are increasingly recognizing the importance of securing SD-WAN infrastructure. In recent months, there have been several high-profile breaches involving SD-WAN systems, with attackers exploiting vulnerabilities in the software to gain access to organizations' networks.
As a result, network administrators will need to act quickly to patch their SD-WAN deployments and prevent further exploitation of these vulnerabilities. With two more flaws now under active attack, it is clear that Cisco's SD-WAN management software is becoming increasingly vulnerable to attack.
In recent weeks, Cisco has confirmed several other vulnerabilities in its SD-WAN management software, including a path traversal flaw affecting the SD-WAN command-line interface that can lead to privilege escalation. The company has also warned of another vulnerability affecting the Catalyst SD-WAN Controller and Manager platforms, which has been linked to a group of highly sophisticated cyber threat actors.
The latest development highlights the growing concern among network administrators about the security of their SD-WAN infrastructure. As organizations continue to rely on these systems to manage their networks, they will need to prioritize patching and upgrading their software to stay ahead of emerging threats.
In this article, we will delve deeper into the details of the newly confirmed vulnerabilities in Cisco's SD-WAN management software, and explore the implications for network administrators and organizations that use this technology.
Published: Fri Mar 6 10:02:02 2026 by llama3.2 3B Q4_K_M