{"id":229433,"date":"2026-06-10T11:53:00","date_gmt":"2026-06-10T15:53:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/10\/cisa-researchers-warn-of-escalating-attacks-using-cisco-catalyst-sd-wan-flaws\/"},"modified":"2026-06-10T12:00:09","modified_gmt":"2026-06-10T16:00:09","slug":"cisa-researchers-warn-of-escalating-attacks-using-cisco-catalyst-sd-wan-flaws","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/10\/cisa-researchers-warn-of-escalating-attacks-using-cisco-catalyst-sd-wan-flaws\/","title":{"rendered":"CISA, researchers warn of escalating attacks using Cisco Catalyst SD-WAN flaws"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/cisa-zero-day-cisco-catalyst-vulnerabilities\/822494\/\">CISA, researchers warn of escalating attacks using Cisco Catalyst SD-WAN flaws<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/cisa-zero-day-cisco-catalyst-vulnerabilities\/822494\/\">https:\/\/www.cybersecuritydive.com\/news\/cisa-zero-day-cisco-catalyst-vulnerabilities\/822494\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-10 11:53:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>The Cybersecurity and Infrastructure Security Agency on Tuesday added a zero-day flaw in the Cisco Catalyst SD-WAN product line to its Known Exploited Vulnerabilities catalog.\u00a0<br \/>\nThe flaw, tracked as CVE-2026-20245, could allow an attacker to execute arbitrary commands as root. The vulnerability, which has a severity score of 7.8, could enable an attacker to conduct command injection attacks on a targeted system.\u00a0<br \/>\nCisco on Thursday said it had observed limited cases where the flaw was exploited in order to push configuration changes to edge devices. Cisco said in order to exploit the vulnerability, an attacker needs to have network adminstrator privileges on an affected system.\u00a0<br \/>\nIn order to launch these attacks, a hacker would require valid credentials or have previously exploited CVE-2026-20182 or CVE-2026-20127.\u00a0<\/p>\n<p>Escalating threat<br \/>\nCisco disclosed CVE-2026-20182 in May. The authentication bypass vulnerability has a severity score of 10, the highest level on the scale.\u00a0\u00a0<br \/>\nResearchers at Rapid7 told Cybersecurity Dive the activity fits a pattern of exploitation seen in SD-WAN products.\u00a0<br \/>\n\u201cThe authentication bypasses are the front door, and once threat actors are through they chain additional vulnerabilities to deepen their access,\u201d said Jonah Burgess, senior security researcher at Rapid7.<br \/>\nCisco Talos researchers linked the May threat activity to a cluster tracked as UAT-8616.<br \/>\nCISA in May issued an updated advisory noting the exploitation of vulnerabilities in Cisco SD-WAN has been an ongoing issue. The agency warned that threat actors have been exploiting CVE-2026-20127 to gain initial access, and then used CVE-2022-20775 to escalate privileges and gain long-term persistence in Cisco SD-WAN systems.\u00a0<br \/>\nIn coordination with another federal agency, CISA found evidence of exploitation of CVE-2026-20182 starting in April.\u00a0<br \/>\nCisco on Friday said customers should upgrade to the fixed software release issued in May in response to CVE-2026-20182. The company is still working on a patch to address the newly disclosed vulnerability, CVE-2026-20245.\u00a0<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA, researchers warn of escalating attacks using Cisco Catalyst SD-WAN flaws https:\/\/www.cybersecuritydive.com\/news\/cisa-zero-day-cisco-catalyst-vulnerabilities\/822494\/ Publish Date: 2026-06-10&#8230;<\/p>\n","protected":false},"author":1,"featured_media":229434,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/-n9D2R0fM9WKHZ9kDUDzx7Oz-3FVcDhwUfnPySRMSnk\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMTY3MTM1MzY1LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,35,27],"class_list":["post-229433","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-hacker","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229433"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=229433"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229433\/revisions"}],"predecessor-version":[{"id":229436,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229433\/revisions\/229436"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/229434"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=229433"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=229433"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=229433"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}