Cisco Catalyst SD-WAN Vulnerabilities Allow Attackers to Gain Root Access
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
An urgent security advisory from Cisco warns that multiple vulnerabilities in Cisco Catalyst SD-WAN Manager<\/a> could allow attackers to bypass authentication, gain root access, and overwrite critical files.<\/p>\n Two of these vulnerabilities are already being exploited in the wild by hackers, making immediate remediation critical.\u200b<\/p>\n The advisory details five vulnerabilities, led by CVE-2026-20129, a critical authentication bypass flaw<\/a> with a CVSS score of 9.8.<\/p>\n This bug allows a remote, unauthenticated attacker to send crafted API requests and instantly gain\u00a0netadmin\u00a0privileges.<\/p>\n Another major threat is CVE-2026-20126, which enables a local user with low privileges to escalate their access<\/a> to root on the underlying operating system.\u200b<\/p>\n As of March 2026, Cisco warns that threat actors are actively exploiting CVE-2026-20122 and CVE-2026-20128. The first flaw allows attackers with read-only credentials to overwrite arbitrary system files and gain\u00a0vmanage\u00a0rights.<\/p>\n The second issue targets the Data Collection Agent (DCA)<\/a>, allowing low-level users to steal plaintext passwords and spread their access to other affected systems.<\/p>\n Because these are being used in real-world attacks, organizations face a high risk of compromise if they do not patch their systems immediately.<\/p>\n Because there are no workarounds to block these attacks, Cisco strongly urges administrators to upgrade their software <\/a>immediately.<\/p>\n Network defenders must apply the fixed software releases, such as versions 20.9.8.2, 20.12.5.3, or 20.18.2.1, depending on their current setup.<\/p>\n Notably, Catalyst SD-WAN Manager releases 20.18 and later are naturally immune to both the critical authentication bypass and the actively exploited DCA flaw.\u200b<\/p>\n Arthur Vidineyev from the Cisco Advanced Security Initiatives Group (ASIG) originally discovered these vulnerabilities during internal testing.<\/p>\n To harden defenses, Cisco recommends restricting internet access to the SD-WAN Manager portal, turning off unused network services such as HTTP or FTP, and implementing strict firewall rules.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Cisco Catalyst SD-WAN Vulnerabilities Allow Attackers to Gain Root Access<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nCisco Catalyst SD-WAN Vulnerabilities<\/strong><\/h2>\n