Summary
Cisco patched a critical authentication bypass (CVE-2026-20182, CVSS 10.0) in Catalyst SD-WAN components that allows remote attackers to gain administrative control and manipulate network fabric configurations. The flaw is being exploited in the wild and follows a similar critical vulnerability used by threat actors since 2023.
Take Action:
Make sure all Cisco Catalyst SD-WAN Controller and Manager components are isolated from public access and only accessible from expected peer systems and networks, especially UDP port 12346 and TCP port 830. Then do a very quick upgrade to a fixed version and check logs for unauthorized peering, suspicious SSH keys in the vmanage-admin account, and signs of log tampering.
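One way to run the SSH key check is to compare the fingerprints in the vmanage-admin account's authorized_keys content against a list of keys you approved. This is an added example, not code from the article or from Cisco; the article gives no file path, so the script takes the file content as text, and the sample keys and baseline are constructed.

```python
import base64
import binascii
import hashlib

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def fingerprint(key_b64):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Return (fingerprint, keytype, comment) per key line; fingerprint is None if unparseable."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options (if any) precede the key type, so locate the type token first.
        idx = next((i for i, f in enumerate(fields[:-1]) if f.startswith(KEY_PREFIXES)), None)
        try:
            fp = fingerprint(fields[idx + 1]) if idx is not None else None
        except (binascii.Error, ValueError):
            fp = None
        keytype = fields[idx] if idx is not None else "?"
        comment = " ".join(fields[idx + 2:]) if idx is not None else line
        entries.append((fp, keytype, comment))
    return entries

def audit(text, baseline):
    """Report keys outside the approved baseline and baseline keys that are now absent."""
    entries = parse_authorized_keys(text)
    present = {fp for fp, _, _ in entries if fp}
    unexpected = [e for e in entries if e[0] not in baseline]
    return {"unexpected": unexpected, "missing": sorted(baseline - present)}

def constructed_key(label):
    return base64.b64encode(label.encode()).decode()  # constructed sample blob, not a real key

GOOD = constructed_key("constructed-approved-key")
ROGUE = constructed_key("constructed-unapproved-key")
SAMPLE = f"# constructed sample\nssh-ed25519 {GOOD} admin@mgmt\nno-pty ssh-rsa {ROGUE} unknown@host\n"

if __name__ == "__main__":
    result = audit(SAMPLE, {fingerprint(GOOD)})
    for fp, keytype, comment in result["unexpected"]:
        print("UNEXPECTED", keytype, fp, comment)
```

Lines that cannot be parsed are reported as unexpected with a fingerprint of `None`, so a malformed entry is never silently skipped.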
This article was originally published on BeyondMachines

