Summary
Cisco patched a critical authentication bypass (CVE-2026-20182, CVSS 10.0) in Catalyst SD-WAN components that allows remote attackers to gain administrative control and manipulate network fabric configurations. The flaw is being exploited in the wild and follows a similar critical vulnerability used by threat actors since 2023.
Take Action:
Make sure all Cisco Catalyst SD-WAN Controller and Manager components are isolated publick access and only accessible from expected peer systems and networks, especially UDP port 12346 and TCP port 830. Then do a very qick upgrade to a fixed version and check logs for unauthorized peering, suspicious SSH keys in the vmanage-admin account, and signs of log tampering.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)