Cisco Catalyst SD-WAN users targeted in series of cyber attacks | Computer Weekly

"Our new alert makes clear that organisations using Cisco Catalyst SD-WAN products should urgently investigate their exposure to network compromise and hunt for malicious activity, making use of the new threat hunting advice produced with our international partners to identify evidence of compromise."
"An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to man"
The NCSC and Five Eyes intelligence partners have identified coordinated threat activity targeting Cisco Catalyst SD-WAN products. Threat actors exploit vulnerabilities to add malicious rogue peers, gain root access, and establish persistent network access. The campaign appears indiscriminate in targeting and dates back to 2023. Cisco has patched multiple vulnerabilities in Catalyst SD-WAN Manager and Controller, with CVE-2026-20127 being the most critical—an authentication bypass flaw in the peering mechanism. Organizations are urged to investigate exposure, hunt for compromise evidence, apply vendor updates, and report incidents to the NCSC.
Read at ComputerWeekly.com