Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
Summary
Cisco has issued a warning that a critical vulnerability in its Catalyst SD-WAN Manager software is being actively exploited in the wild. The flaw, identified as CVE-2026-20245, has a CVSS score of 7.8 and impacts several deployment types, with no patch currently available.
IFF Assessment
The active exploitation of a critical vulnerability with no available patch represents a significant threat to organizations using the affected Cisco SD-WAN Manager software.
Severity
The CVSS score of 7.8 indicates a high-severity vulnerability, likely due to an exploitable attack vector and significant impact on confidentiality, integrity, or availability of the affected system. The fact that it's actively exploited further increases the risk.
Defender Context
This active exploitation highlights the need for immediate vigilance regarding Cisco Catalyst SD-WAN Manager deployments. Defenders should prioritize threat hunting for indicators of compromise related to this CVE and consider implementing compensating controls or workarounds if a patch is not yet available. Staying updated on Cisco's advisories is crucial.