Threat Advisory

Cisco SD-WAN Vulnerability Exposes Edge Device Configuration

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical
EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Cisco SD-WAN Manager (formerly vManage) versions prior to the upcoming release. The flaws include a command injection vulnerability that enables remote code execution and privilege escalation to root, as well as related weaknesses that can be leveraged for unauthorized configuration changes on edge devices. Exploitation requires an authenticated attacker with netadmin rights, but chaining with other exploits can lower the barrier. Successful attacks allow adversaries to execute arbitrary commands, alter network policies, and potentially gain full control of the SD‑WAN infrastructure, exposing corporate data and disrupting critical services.

  • CVE-2026-20245 – A command injection flaw in the CLI of Cisco SD‑WAN Manager that permits an authenticated netadmin to upload a crafted file and execute arbitrary commands as root; exploitation grants full system control.
  • CVE-2026-20182 – An existing vulnerability that can be chained with CVE-2026-20245 to achieve complete network takeover; it typically requires an initial foothold obtained through another exploit.

The combined risk is high and requires immediate attention, as active exploitation has been observed in the wild. If leveraged, attackers can seize control of SD‑WAN devices, disrupt connectivity, and compromise sensitive corporate data, leading to operational downtime and reputational damage.

RECOMMENDATION:

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/cisco-sd-wan-vulnerability-exploited/
