Your SD-WAN management plane is facing a secondary wave of exploitation.
CVE-2026-20122 · Severity 7.1 · Active Arbitrary File Overwrite in Cisco Catalyst SD-WAN Manager.
Following last week’s critical zero-day, Cisco has confirmed that two additional vulnerabilities in the Catalyst SD-WAN Manager are now under active exploitation. CVE-2026-20122 allows an authenticated, remote attacker to overwrite arbitrary files, potentially leading to a full system compromise.
A second flaw, CVE-2026-20128, allows local attackers to escalate privileges to the Data Collection Agent (DCA) user. While these require valid credentials, attackers are pairing them with previous bypasses to achieve deeper persistence and move laterally across the management network.
The uncomfortable truth: Patching the initial critical flaw is not enough when secondary vulnerabilities are already being weaponized to maintain access.
- Apply the latest maintenance updates for Cisco Catalyst SD-WAN Manager today.
- Rotate all administrative credentials used on the SD-WAN management plane.
- Monitor for unauthorized file modifications and unexpected administrative account reboots.
Are you still relying on legacy credentials for your core network management tools?
#Cybersecurity #NetworkSecurity #PatchManagement #Infosec #SecurityLeadership #CodeDefence
