Cisco has issued an urgent security advisory warning that a high-severity flaw in its Catalyst SD-WAN Manager is being actively exploited in the wild — and no patch is currently available.

The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of 10.0 and affects a broad range of deployment types, including on-premises installations, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco-managed), and the FedRAMP-accredited government variant. The breadth of affected environments means both commercial enterprises and US government networks using the platform are potentially exposed.

Management-Plane Risks Amplify the Threat

What makes this vulnerability particularly alarming is its target. SD-WAN Manager serves as the centralised management plane for Cisco's software-defined wide-area networking deployments. In many organisations, this platform controls the configuration and topology of hundreds or even thousands of network devices spanning multiple sites.

Compromising the management plane does not simply affect a single device — it can grant an attacker visibility into and control over an entire network fabric. From that vantage point, an adversary could push malicious configurations, reroute traffic, disable security policies, or move laterally with minimal resistance. In short, it is the kind of access that network defenders dread most.

Mitigations, but No Fix Yet

According to The Hacker News, which reported the advisory on 6 June 2026, Cisco has not yet released software updates to address the flaw. The company has, however, recommended that organisations take two immediate steps: disable the web-based management interface on affected deployments, and restrict access to the management platform to trusted internal IP addresses only.

These are interim measures designed to shrink the attack surface while a permanent fix is developed. Beyond Cisco's own guidance, security practitioners will likely want to layer on additional monitoring — for example, reviewing access logs for the management interface for anomalous connections and ensuring network segmentation limits what an attacker could reach even if they gain a foothold.
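
As an added illustration of the log review described above (not code from Cisco or the advisory), the following Python sketch audits management-interface access logs against an allowlist of trusted internal ranges. The log format, the trusted ranges, and the sample lines are assumptions constructed for this example and do not represent a documented SD-WAN Manager log layout.

```python
import ipaddress
import re
from collections import Counter

# Assumption: trusted internal management ranges (constructed; replace with your own).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.168.50.0/28")]

# Assumption: a generic combined-style access log, not a documented Cisco format.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (outside hosts use documentation address ranges).
SAMPLE_LOG = """\
10.20.0.15 - admin [06/Jun/2026:08:01:12 +0000] "GET /dashboard HTTP/1.1" 200 5120
203.0.113.44 - - [06/Jun/2026:08:03:40 +0000] "POST /login HTTP/1.1" 401 310
203.0.113.44 - - [06/Jun/2026:08:03:41 +0000] "POST /login HTTP/1.1" 200 980
192.168.50.9 - ops [06/Jun/2026:08:05:02 +0000] "GET /devices HTTP/1.1" 200 20480
198.51.100.7 - - [06/Jun/2026:08:09:55 +0000] "GET / HTTP/1.1" 403 120
this line is malformed and must not be silently dropped
"""

def audit(log_text):
    """Return (findings, unparsed): requests from outside TRUSTED_NETS and unreadable lines."""
    findings, unparsed = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        try:
            addr = ipaddress.ip_address(m.group("src")) if m else None
        except ValueError:
            addr = None
        if addr is None:
            unparsed.append(line)  # surface parse failures instead of hiding them
        elif not any(addr in net for net in TRUSTED_NETS):
            findings.append({"src": str(addr), "ts": m.group("ts"),
                             "path": m.group("path"), "status": int(m.group("status"))})
    return findings, unparsed

def summarize(findings):
    """Count requests per untrusted source and flag any that received a 2xx response."""
    hits = Counter(f["src"] for f in findings)
    succeeded = {f["src"] for f in findings if 200 <= f["status"] < 300}
    return {src: {"requests": n, "got_2xx": src in succeeded} for src, n in hits.items()}

if __name__ == "__main__":
    found, bad = audit(SAMPLE_LOG)
    print(summarize(found), "unparsed:", len(bad))
```

An untrusted source that received a 2xx response is the highest-priority finding, since it means the access restriction was not in effect for that request.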

Part of a Broader Trend

The incident sits within a wider pattern of attackers targeting network management and orchestration platforms. Over the past several years, vulnerabilities in SD-WAN controllers, firewalls, and network monitoring tools have drawn increasing attention from both nation-state actors and cybercriminal groups. These platforms are attractive targets precisely because of the centralised control they offer — a single flaw can unlock access at scale.

Cisco's Catalyst SD-WAN Manager is widely deployed across industries including finance, healthcare, and government. Organisations running any of the affected deployment models should treat this advisory as a high-priority item and apply the recommended mitigations immediately. Given that exploitation is already underway and no patch exists, the window for preventive action is effectively now.

Cisco has not provided a timeline for when a software update will be available. The situation warrants close monitoring for further advisories and patches from the vendor.

