THREAT OPS › Threat News › Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager
Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager
<div class="block-paragraph_advanced"><p>Written by: Chester Sng, Pete Boonyakarn, Logeswaran Nadarajan, Lukasz Lamparski</p> <hr /></div> <div class="block-paragraph_advanced"><h3><span style="vertical-align: baseline;">Introduction</span><strong style="vertical-align: baseline;"> </strong></h3> <p><span style="vertical-align: baseline;">In early 2026, Mandiant identified a threat actor targeting
MITRE ATT&CK techniques
Indicators of compromise
- d966161b93100fb8905b9b81bd03e57bbc93f21534acee88999e77798e913d5bsha256
- b82936f37648518425c7d3cf9e09eaffa41d7cdb3840f6a40287e3a108880f7bsha256
- CVE-2026-20245cve
- CVE-2026-20127cve
- CVE-2026-20182cve
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-4uxFrdzxurl
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZkurl
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SWurl
- https://www.cisco.com/c/en/us/td/docs/routers/sdwan/17-x/systems-interfaces/systems-interfaces-guide-17-x/users-and-access.htmlurl
- https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.htmlurl
- https://sec.cloudapps.cisco.com/security/center/resources/Cisco-Catalyst-SD-WAN-HardeningGuideurl
- https://www.virustotal.com/gui/collection/d966161b93100fb8905b9b81bd03e57bbc93f21534acee88999e77798e913d5b/summaryurl
- 20.9.9.2ipv4
- 20.12.7.2ipv4
- 20.15.4.5ipv4
- 20.15.5.3ipv4
- 20.18.3.1ipv4
- 26.1.1.2ipv4
- 126.51.108.152ipv4
- 76.92.245.217ipv4
- 207.190.37.94ipv4
- 23.245.7.178ipv4
- 153.186.231.233ipv4
- 167.179.79.189ipv4
- 45.32.38.160ipv4
- 209.137.225.101ipv4