Cisco SD-WAN zero-day exploited to create rogue root accounts
Mandiant has detailed a sophisticated attack chain targeting Cisco Catalyst SD-WAN Manager devices at a communications service provider. The threat actors exploited CVE-2026-20245, a high-severity command injection vulnerability, to escalate privileges after gaining initial access to the management platform. This flaw allowed authenticated attackers to execute arbitrary commands with root-level permissions by uploading a specially crafted CSV file.