Five Eyes urge action as Cisco zero-day attacks uncovered
Briefly

"Malicious cyber threat actors are targeting Cisco Catalyst SD-WAN used by organizations globally. These actors are compromising SD-WANs to add a malicious rogue peer and then conduct a range of follow-on actions to achieve root access and maintain persistent access to the SD-WAN."
"The second is CVE-2026-20127 (10.0), a max-severity bug fresh off the press this week. Classed as an improper authentication flaw, the issue affects Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, formerly known as SD-WAN vSmart and SD-WAN vManage respectively."
"According to a separate report from Cisco Talos, the vendor attributed the attacks that use CVE-2026-20127 to a group it tracks as UAT-8616 and said current signals suggest it has been exploited since at least 2023."
The Five Eyes intelligence alliance has issued an urgent warning about two Cisco Catalyst SD-WAN vulnerabilities that are being actively exploited. The first, CVE-2022-20775, is a path traversal flaw in the command line interface that enables privilege escalation. The second, CVE-2026-20127, is an improper authentication flaw carrying the maximum CVSS score of 10.0; it affects Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). Attackers use the flaws to add a malicious rogue peer to the SD-WAN, obtain root access, and maintain persistent access to the infrastructure. Cisco Talos attributes the attacks to a group it tracks as UAT-8616 and says exploitation dates back to at least 2023. According to the report, the actors first exploit CVE-2026-20127 to gain administrative rights, then downgrade the software and exploit CVE-2022-20775 to reach root. Because the chain includes a downgrade step, having patched CVE-2022-20775 alone does not close it once an attacker holds administrative access; the authentication flaw is the gate to fix first.
Read at Theregister