Recent Cisco Catalyst SD-WAN Vulnerability Now Widely Exploited
Exposure management firm watchTowr reports that a recent Cisco Catalyst SD-WAN vulnerability, initially exploited as a zero-day, is now being used more frequently by threat actors.
The in-the-wild exploitation of four Cisco Catalyst SD-WAN vulnerabilities came to light in recent weeks. One of them is CVE-2026-20127, which had been exploited as a zero-day alongside an older vulnerability, CVE-2022-20775, to bypass authentication, escalate privileges, and establish persistence on systems.
Cisco Talos linked the attacks to UAT-8616, a highly sophisticated threat actor of unspecified origin and motivation that has been active since at least 2023.
watchTowr’s head of proactive threat intelligence, Ryan Dewhurst, told SecurityWeek that the pace of exploitation for CVE-2026-20127 has — unsurprisingly — escalated quickly.
“This is not the targeted activity that was described previously, but now internet-wide and growing,” Dewhurst said.
“In total, the watchTowr proactive threat intelligence team has seen exploitation attempts from numerous unique IP addresses and observed threat actors deploying webshells,” he explained. “The largest spike in activity occurred on March 4, with attacks widely spread across various regions worldwide, and U.S.-based regions saw slightly higher activity than others.”
The expert warned, “We expect activity to continue as part of the usual long tail of exploitation, as more threat actors become involved,” adding, “With mass and opportunistic exploitation at play, any exposed system should be considered compromised until proven otherwise.”
Cisco this week updated a February 25 advisory to inform customers about the exploitation of two more Catalyst SD-WAN vulnerabilities, which can be exploited by authenticated attackers for privilege escalation: CVE-2026-20128 and CVE-2026-20122.
The company has not shared any details on the attacks exploiting these vulnerabilities, but its description indicates they’ve been chained with other flaws.
It’s unclear if the same threat actor is behind all the campaigns targeting Catalyst SD-WAN vulnerabilities. Cisco recently warned that a zero-day in Secure Email Gateway appliances had been exploited by China-linked hackers, but again, it’s unclear if the attacks are in any way related.
