{"id":236828,"date":"2026-06-25T03:30:08","date_gmt":"2026-06-25T07:30:08","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/25\/cisco-sd-wan-zero-day-exploited-months-before-patching\/"},"modified":"2026-06-25T03:30:10","modified_gmt":"2026-06-25T07:30:10","slug":"cisco-sd-wan-zero-day-exploited-months-before-patching","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/25\/cisco-sd-wan-zero-day-exploited-months-before-patching\/","title":{"rendered":"Cisco SD-WAN Zero-Day Exploited Months Before Patching"},"content":{"rendered":"<p><a href=\"https:\/\/www.securityweek.com\/cisco-sd-wan-zero-day-exploited-months-before-patching\/\">Cisco SD-WAN Zero-Day Exploited Months Before Patching<\/a><\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/cisco-sd-wan-zero-day-exploited-months-before-patching\/\">https:\/\/www.securityweek.com\/cisco-sd-wan-zero-day-exploited-months-before-patching\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-25 02:08:43<\/a><\/p>\n<p>Source Domain: <a href=\"www.securityweek.com\">www.securityweek.com<\/a><\/p>\n<h3>Google\u2019s Mandiant team reports a Cisco Catalyst SD-WAN zero-day attack<\/h3>\n<p>In early 2026, Google\u2019s Mandiant team investigated and documented an attack in which an unidentified threat actor exploited a zero-day vulnerability in Cisco\u2019s Catalyst SD-WAN Manager software. The vulnerability, CVE-2026-20245, allowed the attacker to gain unauthorized root-level access by executing arbitrary commands through the CLI. Mandiant identified this exploitation after observing attacks targeting an SD-WAN infrastructure at a service provider. Hackers initially accessed the SD-WAN Manager via SSH using the \u2018vmanage-admin\u2019 account before escalating privileges using CVE-2026-20245 and modifying the default admin password to avoid detection. 
The successful compromise highlighted the \u201cliving off the edge\u201d tactics employed by attackers who focus on network appliances to bypass security measures. Additionally, separate reports noted attacks exploiting other zero-day vulnerabilities, suggesting an ongoing zero-day campaign against related network infrastructures.<\/p>\n<h4>Key Points:<\/h4>\n<ul>\n<li>The attacker exploited CVE-2026-20245, a zero-day vulnerability in Cisco Catalyst SD-WAN Manager, leading to full root-level access.<\/li>\n<li>Initial SSH access to the device was achieved using the \u2018vmanage-admin\u2019 account.<\/li>\n<li>To evade detection, attackers deleted attack files, altered configurations, and made sure there was no trace of their activities.<\/li>\n<li>This incident highlights a trend where adversaries target network appliances to bypass traditional security methods.<\/li>\n<li>Similar zero-day exploits have been identified in other Cisco devices, indicating widespread attempts to compromise network infrastructures.<\/li>\n<\/ul>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco SD-WAN Zero-Day Exploited Months Before Patching https:\/\/www.securityweek.com\/cisco-sd-wan-zero-day-exploited-months-before-patching\/ Publish Date: 2026-06-25 02:08:43 Source Domain: 
www.securityweek.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":236829,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.securityweek.com\/wp-content\/uploads\/2024\/07\/Cisco-switches-network.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[34,27],"class_list":["post-236828","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236828"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=236828"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236828\/revisions"}],"predecessor-version":[{"id":236830,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236828\/revisions\/236830"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/236829"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=236828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=236828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=236828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}