Attackers exploiting unpatched Cisco SD-WAN flaw

Summary

Cisco has warned of an actively exploited, high-severity vulnerability in its Catalyst SD-WAN Manager. The flaw allows authenticated attackers with netadmin privileges to escalate to root and take over the system. While a patch is not yet available, Cisco recommends upgrading to the latest version and monitoring logs for indicators of compromise.

IFF Assessment

FOE

This article details a high-severity vulnerability being actively exploited by attackers, which is bad news for defenders as it presents a direct threat to network infrastructure.

Severity

10.0 Critical

The CVSS score of 7.8 (high) is derived from the article. It's rated less than critical because it requires local access and netadmin privileges to exploit, which can be obtained through stolen credentials or by exploiting prior authentication bypass flaws.

CISA KEV: Listed as actively exploited. Federal patch due: February 27, 2026. Known ransomware use: Unknown.

Defender Context

This vulnerability in Cisco SD-WAN Manager is critical for defenders managing enterprise network infrastructure, as it allows for privilege escalation to root access. Organizations should prioritize upgrading their systems and diligently monitor logs for indicators of compromise to detect and respond to potential exploitation.
