A privilege escalation vulnerability in Cisco Catalyst SD-WAN Manager is being actively exploited as a zero-day, allowing attackers to gain root-level access on affected systems. This is the second Cisco Catalyst SD-WAN Manager flaw exploited in the wild this month, suggesting targeted or opportunistic campaigns against network infrastructure. SD-WAN management planes are high-value targets as compromise can provide broad visibility and control over enterprise network traffic.

Security Architect’s Take: Patch Cisco Catalyst SD-WAN Manager immediately and audit management plane access logs for any anomalous privilege escalation activity. If patching cannot be done immediately, restrict access to the SD-WAN Manager interface to trusted IP ranges only and ensure it is not exposed to the public internet.

Original advisory: Cisco SD-WAN make-me-root bug under attack