05 June 2026
Reference: CVE-2026-20245
1. What is being reported?
Cisco has identified a vulnerability in their SD-WAN Manager software that lets someone with local access and certain permissions run harmful commands as the highest-level user. This happens when the software does not properly check files uploaded to it, allowing attackers to inject commands and gain full control.
2. What this means in plain English
If an attacker gains access with specific network admin rights, they could take over your network management system, change settings, and potentially disrupt your internet connections or security. This risk is serious because it could affect how your network devices operate.
3. Could this affect a small business?
Small businesses using Cisco SD-WAN Manager with network admin access could be affected, especially if their systems are not updated. If you do not use this Cisco software or do not have network admin users who upload files, you are less likely to be impacted.
4. What to do now
- Check if your organisation uses Cisco Catalyst SD-WAN Manager or the older SD-WAN vManage software.
- Ask your IT provider if your current software version is vulnerable and if updates are available.
- Apply the recommended software updates from Cisco as soon as possible to fix the vulnerability.
- Review your network device configurations after updating to ensure no unauthorised changes were made.
5. Ask your IT provider
Can you confirm whether our Cisco SD-WAN Manager software is affected by CVE-2026-20245, and have the necessary security updates been applied?
6. Bottom line
If you use Cisco SD-WAN Manager, act quickly to update the software and protect your network from potential takeover.
Information based on CISA KEV, NVD, and reputable security news reports.