Cisco warns of unpatched SD-WAN zero-day exploited in attacks
Summary
Cisco has issued a warning about a critical, unpatched zero-day vulnerability (CVE-2026-20245) in its Catalyst SD-WAN Manager. This vulnerability allows attackers to escalate privileges to root, and it is already being actively exploited in the wild.
IFF Assessment
The active exploitation of a high-severity, unpatched zero-day vulnerability represents a significant threat to organizations relying on Cisco SD-WAN Manager.
Severity
The vulnerability allows root privilege escalation, which is a critical impact. Given that it is an actively exploited zero-day and likely has an easily accessible attack vector, a high CVSS score is appropriate.
Defender Context
Defenders should prioritize patching or implementing mitigating controls for Cisco Catalyst SD-WAN Manager immediately. This zero-day is a prime target for attackers seeking to gain deep control over network infrastructure.