Prva objava: 25. februar 2026
Zadnje urejanje: 26. februar 2026
Povzetek
Podjetje Cisco je objavilo več ranljivosti Cisco Catalyst SD-WAN Controller in Cisco Catalyst SD-WAN Manager naprav, ki se že aktivno izkoriščajo za nepooblaščen dostop do naprav in trajno prisotnost (angl. persistence) storilcev na napravah.
Ranljivost vpliva na naslednje vrste namestitev:
- On-Prem Deployment
- Cisco Hosted SD-WAN Cloud – Cisco Managed
- Cisco Hosted SD-WAN Cloud – FedRAMP Environment
- Cisco Hosted SD-WAN Cloud
Ukrepanje
Proizvajalec priporoča čimprejšnjo namestitev popravkov za naštete ranljivosti. Zaznane zlorabe ranljivosti sporočite na SI-CERT.
CVE oznaka:
- CVE-2026-20127 (CVSS: 10,0).
- CVE-2026-20126 (CVSS: 8,8).
- CVE-2026-20128 (CVSS: 7,5).
- CVE-2026-20122 (CVSS: 5,4).
Povezave
- https://blog.talosintelligence.com/uat-8616-sd-wan/
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v
- https://sec.cloudapps.cisco.com/security/center/resources/Cisco-Catalyst-SD-WAN-HardeningGuide
- https://www.cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av26-166
- https://www.cyber.gov.au/sites/default/files/2026-02/ACSC-led%20Cisco%20SD-WAN%20Hunt%20Guide.pdf