{"id":265489,"date":"2026-06-06T00:19:00","date_gmt":"2026-06-06T04:19:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/06\/cisco-catalyst-sd-wan-manager-cve-2026-20245-flaw-actively-exploited-no-patch-available\/"},"modified":"2026-06-06T01:25:10","modified_gmt":"2026-06-06T05:25:10","slug":"cisco-catalyst-sd-wan-manager-cve-2026-20245-flaw-actively-exploited-no-patch-available","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/06\/cisco-catalyst-sd-wan-manager-cve-2026-20245-flaw-actively-exploited-no-patch-available\/","title":{"rendered":"Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited \u2013 No Patch Available"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/cisco-catalyst-sd-wan-manager-cve-2026.html\">Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited \u2013 No Patch Available<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/cisco-catalyst-sd-wan-manager-cve-2026.html\">https:\/\/thehackernews.com\/2026\/06\/cisco-catalyst-sd-wan-manager-cve-2026.html<\/a><\/p>\n<p>Publish Date: 2026-06-06 00:19:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span> <span class=\"author\">Jun 06, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Network Security<\/span><\/p>\n<p>Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation.<\/p>\n<p>The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. 
It affects the following deployment types &#8211;<\/p>\n<ul>\n<li>On-Prem Deployment<\/li>\n<li>Cisco SD-WAN Cloud-Pro<\/li>\n<li>Cisco SD-WAN Cloud (Cisco Managed)<\/li>\n<li>Cisco SD-WAN for Government (FedRAMP)<\/li>\n<\/ul>\n<p>&#8220;A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system,&#8221; Cisco said in an advisory.<\/p>\n<p>The network security company said the vulnerability is the result of insufficient validation of user-supplied input, which an attacker could exploit by uploading a crafted file to the affected system. This, in turn, could permit the attacker to perform command injection attacks and elevate their privileges as the root user.<\/p>\n<p>&#8220;To exploit this vulnerability, the attacker must have netadmin privileges on the affected system,&#8221; Cisco added. &#8220;This would require valid credentials or exploitation of CVE-2026-20182 or CVE-2026-20127. Cisco is not aware of successful exploitation by other methods.&#8221;<\/p>\n<p>CVE-2026-20182 (CVSS score: 10.0) was disclosed last month by Rapid7, describing it as an authentication bypass that could enable unauthenticated, remote attackers to obtain administrative privileges on susceptible systems. 
It&#8217;s also assessed to be similar to CVE-2026-20127, another case of authentication bypass impacting the same component.<\/p>\n<p>Both vulnerabilities have been exploited in the wild as zero-days, with a threat activity cluster dubbed UAT-8616 linked to the abuse of CVE-2026-20127 as far back as 2023.<\/p>\n<p>In its advisory released Thursday, Cisco said it observed limited cases where the exploitation of CVE-2026-20245 resulted in a configuration change pushed to edge&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/cisco-catalyst-sd-wan-manager-cve-2026.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited \u2013 No Patch Available https:\/\/thehackernews.com\/2026\/06\/cisco-catalyst-sd-wan-manager-cve-2026.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":265490,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhYckKvOFV_Xz1o-nUKCcjlMQmOxdFC6FMzIjMnE4GSPPJ9kQxDLqOmK9WhofViemB5grKkMJDV_KPnQAuLci5RtV3sCOei2Fzk31qOdIk3Jeroj_6NVxoa0VX0Bw5nwwzffBp4o3hoDysRntjOxTR7akhfDV_1ZIpmcQKFMsxdvb00KYypSv7daJTqYHXb\/s1600\/cisco-exploit.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[90,89,29,57,27],"class_list":["post-265489","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cve","tag-flaw","tag-network-security","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/265489"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"
replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=265489"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/265489\/revisions"}],"predecessor-version":[{"id":265491,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/265489\/revisions\/265491"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/265490"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=265489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=265489"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=265489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}