Ethical Hacking News
A joint alert from all five intelligence agencies of the Five Eyes alliance has warned defenders to patch two Cisco Catalyst SD-WAN vulnerabilities used in attacks. These vulnerabilities, CVE-2022-20775 and CVE-2026-20127, are a path traversal vulnerability and an improper authentication flaw respectively. Organizations using Cisco Catalyst SD-WAN must take immediate action to protect themselves from potential exploitation of these vulnerabilities.
Two vulnerabilities have been identified in Cisco Catalyst SD-WAN: CVE-2022-20775 (path traversal) and CVE-2026-20127 (improper authentication). A joint alert from the Five Eyes alliance warns defenders to patch these vulnerabilities due to their potential exploitation by hackers. The vulnerabilities allow unauthorized access, privilege escalation, and reconfiguration of the SD-WAN fabric with admin rights, posing a significant threat to network security. The UAT-8616 group has reportedly been exploiting CVE-2026-20127 since at least 2023, gaining admin rights and root access. Organizations must take immediate action: check for compromises, report incidents, and upgrade to the latest version of Cisco Catalyst SD-WAN Controller/Manager.
The cybersecurity landscape is becoming increasingly complex and dynamic, with new threats emerging every day. Recently, a joint alert from all five intelligence agencies of the Five Eyes alliance has warned defenders to patch two vulnerabilities in Cisco Catalyst SD-WAN, which have been exploited by hackers of unspecified origin. This article will delve into the details of these vulnerabilities, their impact on network security, and the steps that organizations can take to protect themselves.
The first vulnerability, CVE-2022-20775, is a path traversal vulnerability in the SD-WAN's command line interface, disclosed in September 2022, that allows privilege escalation. This means that an attacker could potentially gain unauthorized access to sensitive areas of the network by exploiting this vulnerability.
The second vulnerability, CVE-2026-20127, is a max-severity bug that affects Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, formerly known as SD-WAN vSmart and SD-WAN vManage respectively. This issue is classified as an improper authentication flaw, which allows hackers to access admin rights and reconfigure the SD-WAN fabric at their whim.
In a separate report, Cisco Talos attributed the attacks that use CVE-2026-20127 to a group it tracks as UAT-8616. The report suggests that UAT-8616 has been exploiting this vulnerability since at least 2023 and has successfully gained admin rights before downgrading the SD-WAN's software version using CVE-2022-20775 to gain root access.
The joint alert from the Five Eyes alliance is a serious warning to defenders, emphasizing the need for prompt action to patch these vulnerabilities. The NCSC (National Cyber Security Centre) has urged UK organizations to report compromises and apply vendor updates and hardening guidance as soon as possible to reduce the risk of exploitation.
In light of this new threat, it is essential that organizations using Cisco Catalyst SD-WAN take immediate action to protect themselves. This includes:
1. Checking for any signs of compromise using the Five Eyes Hunt Guide provided by the NCSC.
2. Reporting any compromises to the relevant security authorities and sharing data with them.
3. Upgrading to the latest version of Cisco Catalyst SD-WAN Controller/Manager as soon as possible.
By taking these steps, organizations can minimize the risk of being targeted by hackers exploiting these vulnerabilities. It is also crucial for cybersecurity professionals to stay vigilant and monitor their networks closely for any signs of suspicious activity.
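One check that follows from the attack chain described above, in which the attackers downgraded the software version before gaining root, is to flag any step to a lower version in a device's software history. This is an added example, not part of the original article or the Five Eyes Hunt Guide; the record format, device names and version numbers are constructed for illustration.

```python
import csv
import io
import re
from datetime import datetime

# Constructed sample (not real data): timestamp, device, software version.
SAMPLE_HISTORY = """\
2026-01-10T08:00:00,controller-1,20.9.4
2026-01-20T08:00:00,controller-1,20.12.1
2026-02-02T03:14:00,controller-1,20.9.4
2026-01-10T08:00:00,manager-1,20.9.4
2026-01-20T08:00:00,manager-1,20.12.1
2026-02-05T08:00:00,manager-1,20.12.2
"""


def parse_version(text):
    """Turn '20.12.1' into (20, 12, 1) so that 20.12 sorts above 20.9.

    Comparing the raw strings would rank '20.12.1' below '20.9.4'.
    """
    return tuple(int(part) for part in re.findall(r"\d+", text))


def find_downgrades(history_csv):
    """Return (device, time, old, new) for every step to a lower version."""
    per_device = {}
    for row in csv.reader(io.StringIO(history_csv)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        ts, device, version = row
        per_device.setdefault(device, []).append(
            (datetime.fromisoformat(ts), version))
    findings = []
    for device, records in sorted(per_device.items()):
        records.sort()  # chronological order, even if the input was shuffled
        for (_, old), (when, new) in zip(records, records[1:]):
            if parse_version(new) < parse_version(old):
                findings.append((device, when.isoformat(), old, new))
    return findings


if __name__ == "__main__":
    for device, when, old, new in find_downgrades(SAMPLE_HISTORY):
        print(f"{when} {device}: {old} -> {new} (downgrade, investigate)")
```

A flagged downgrade is a lead to investigate against change records, not proof of compromise on its own.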
In conclusion, the recent vulnerabilities in Cisco Catalyst SD-WAN highlight the ever-present threat of persistent cyber attacks. Organizations must take proactive measures to patch these vulnerabilities and protect themselves from potential exploitation.
Published: Thu Feb 26 07:31:00 2026 by llama3.2 3B Q4_K_M