Summary
Cisco reports a critical authentication bypass (CVE-2026-20127) in Catalyst SD-WAN being exploited by threat actor UAT-8616 to gain root access and manipulate network fabrics. The actor uses a complex chain involving software downgrades and path traversal to maintain long-term persistence in high-value targets.
Take Action:
If you are using Cisco Catalyst SD-WAN Controller or Cisco Catalyst SD-WAN Manager, this is urgent. The flaw is already being exploited, so your SD-WAN might already be compromised without showing obvious signs. Immediately audit your logs for unauthorized SSH keys and peering events, then apply the latest Cisco security updates. Until you patch, restrict access to ports 22 and 830 to trusted controller IPs.
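As an added example (not from the original article or from Cisco), the following Python script supports the SSH key audit above by comparing `authorized_keys` content against an allowlist of approved key fingerprints. It assumes you have exported the file contents from the device and maintain the approved list yourself; the sample keys, comments and all function names are constructed for illustration.

```python
import base64, binascii, hashlib, re, struct

# A key type token followed by a base64 blob, possibly after an options field.
KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+={0,2})")

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the format printed by `ssh-keygen -lf`."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_line(line: str):
    """Return (key_type, fingerprint, comment), or None if no key is found."""
    for m in KEY_RE.finditer(line):
        key_type, b64 = m.groups()
        try:
            blob = base64.b64decode(b64, validate=True)
            (n,) = struct.unpack(">I", blob[:4])
        except (binascii.Error, struct.error):
            continue
        # The blob embeds its own type string; it must match the text token.
        if blob[4:4 + n] == key_type.encode():
            return key_type, fingerprint(blob), line[m.end():].strip()
    return None

def unapproved_keys(text: str, approved: set):
    """List (line_no, key_type, fingerprint, comment) for keys not in `approved`."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            # A non-comment line that does not parse is reported as well.
            parsed = parse_line(line) or ("unparsed", None, line)
            if parsed[1] not in approved:
                findings.append((line_no, *parsed))
    return findings

def _demo_key(seed: bytes) -> str:
    """Constructed ed25519-shaped blob for the sample below (not a real key)."""
    blob = struct.pack(">I11sI", 11, b"ssh-ed25519", 32) + hashlib.sha256(seed).digest()
    return base64.b64encode(blob).decode()

KNOWN, ROGUE = _demo_key(b"netops"), _demo_key(b"unknown")
SAMPLE = f"""# constructed authorized_keys content
ssh-ed25519 {KNOWN} netops@jump01

no-pty,command="echo hi" ssh-ed25519 {ROGUE} root@localhost
"""
APPROVED = {fingerprint(base64.b64decode(KNOWN))}

if __name__ == "__main__":
    print(*unapproved_keys(SAMPLE, APPROVED), sep="\n")
```

Any key the script reports should be traced to a change record before it is trusted or removed.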
This article was originally published on BeyondMachines