Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202605-00000011

[Content Description]
Cisco Catalyst SD-WAN is Cisco's cloud-centric software-defined wide area network (SD-WAN) architecture, providing centralized management, security encryption, and application performance optimization to ensure reliable connectivity in multi-cloud environments. Cisco recently released a major cybersecurity advisory.

【CVE-2026-20182, CVSS: 10.0】 This vulnerability exists in the Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage), allowing remote attackers to send specially crafted requests to bypass authentication and gain access to a high-privilege (non-root) internal account.

Attackers can then use this high-privilege account to access NETCONF, modify SD-WAN network configurations, establish malicious network nodes, and conduct in-depth attacks on enterprise/organizational networks. Note: Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage) have been found to be actively used in attack campaigns. Please take immediate action.

[Affected Platforms]
Cisco Catalyst SD-WAN On-Prem Deployment, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), Cisco SD-WAN for Government (FedRAMP)

[Recommended Actions]
Patch according to the solutions released on the official website:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW