#cisco

3 analyses tagged cisco, sorted newest first.

high 3 sources
Cisco Catalyst SD-WAN Manager CVE-2026-20262: KEV Path Traversal in the Management Plane
CISA added Cisco Catalyst SD-WAN Manager CVE-2026-20262 to KEV on 2026-06-15 with a 2026-06-29 due date. Cisco says authenticated attackers with at least write access can abuse a web-UI file-upload path traversal to create or overwrite files on affected systems across all SD-WAN deployment types.

#cisco #sd-wan #cisa-kev #path-traversal #management-plane #zero-day

2026-06-15
high 4 sources
Cisco Catalyst SD-WAN Manager CVE-2026-20245: KEV CLI Privilege Escalation to Root
CISA added CVE-2026-20245 to KEV on 2026-06-09. Cisco scopes the authenticated local command-injection flaw to Catalyst SD-WAN Controller, Manager, and Validator and lists fixed 20.18.3.1 and 26.1.1.2 releases as of 2026-06-10.

#cisco #sd-wan #cisa-kev #privilege-escalation #zero-day

2026-06-09
critical 6 sources
Cisco Catalyst SD-WAN CVE-2026-20182: KEV Control-Plane Exposure
CISA added Cisco Catalyst SD-WAN CVE-2026-20182 to KEV on 2026-05-14. Cisco confirmed limited exploitation, published fixed releases, and documented vmanage-admin authentication and anomalous control-connection evidence for compromise review.

#cisco #sdwan #cisa-kev #zero-day #vulnerability-response

2026-05-26