
"This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. The threat actor could leverage the non-root user account to access NETCONF and manipulate network configuration for the SD-WAN fabric."
"The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges on the affected system by sending a crafted request to an affected system."
"Cisco is tracking the exploitation and subsequent post-compromise activity under the moniker UAT-8616, describing the cluster as a highly sophisticated cyber threat actor."
Cisco disclosed a critical security vulnerability affecting Catalyst SD-WAN Controller and Manager that enables unauthenticated remote attackers to bypass authentication and obtain administrative privileges through crafted requests. The flaw exists because the peering authentication mechanism does not work properly. Successful exploitation gives the attacker the privileges of a high-privileged, non-root user account, which can then be used to access NETCONF and manipulate network configuration for the SD-WAN fabric. The vulnerability affects multiple deployment types, including on-premises, Cisco-hosted cloud, and FedRAMP environments. Active exploitation dating back to 2023 has been attributed to a highly sophisticated threat actor tracked as UAT-8616. Cisco has released patches across multiple software versions to address the issue.
#cisco-sd-wan-vulnerability #authentication-bypass #active-exploitation #critical-security-flaw #network-infrastructure-threat
Read at The Hacker News