CISA and International Partners Warn of Major Cisco SD-WAN Vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA), along with international partner agencies, has issued an alert regarding active compromise of Cisco Catalyst SD-WAN systems.
According to the statement, malicious actors “have been observed exploiting a previously undisclosed authentication bypass vulnerability, CVE-2026-20127, for initial access before escalating privileges using CVE-2022-20775 and establishing long-term persistence in Cisco SD-WAN systems.”
The alert strongly urges network defenders to immediately:
- Inventory all in-scope Cisco SD-WAN systems.
- Collect artifacts, including virtual snapshots and logs of SD-WAN systems, to support threat hunt activities.
- Fully patch Cisco SD-WAN systems with available updates.
- Hunt for evidence of compromise.
- Concurrently review Cisco’s latest security advisories and implement Cisco’s SD-WAN Hardening Guidance.
CISA has also issued the following directives to help address malicious activity involving vulnerable Cisco SD-WAN systems:
- Emergency Directive 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems
- Supplemental Direction ED 26-03: Hunt and Hardening Guidance for Cisco SD-WAN Systems
Read more at CISA.
