
Cisco SD-WAN: Vulnerability Exploited Two Months Before Disclosure

Bottom line: Cisco SD-WAN devices were compromised long before vulnerability disclosure through rogue peering attacks.

A security vulnerability in Cisco SD-WAN was already being exploited by attackers two months before its public disclosure. Researchers found that attackers gained admin privileges and root-level access to SD-WAN devices through rogue peering techniques.

Security researchers documented that attackers actively exploited a vulnerability in Cisco SD-WAN solutions at least two months before disclosure. The attack scenario was based on so-called rogue peering – a technique in which attackers authenticate themselves as legitimate network devices to connect to the victim’s SD-WAN systems.

Through this access, attackers were able to obtain administrator privileges and execute commands at root level. This means complete operational control over the affected SD-WAN appliances.

For CISOs, this is a critical indicator: zero-day exploits are often used weeks or months before vendor disclosure without victims being aware. This underscores the need to continuously monitor SD-WAN infrastructure for suspicious activity and accelerate patching processes – particularly for critical peering mechanisms.
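
One way to act on the monitoring advice above is to audit established control-plane peerings against an authorised device inventory. This is an added example, not code from the source article or from Cisco; the CSV columns, serial numbers, addresses and the `audit_peers` helper are constructed for illustration and do not reflect any Cisco output format.

```python
import csv
import io

# Constructed inventory: serial -> (assigned system IP, expected public source IPs).
INVENTORY = {
    "SN-EDGE-0001": ("10.255.0.11", {"198.51.100.10"}),
    "SN-EDGE-0002": ("10.255.0.12", {"198.51.100.20"}),
    "SN-CTRL-0001": ("10.255.0.1", {"203.0.113.5"}),
}

# Constructed export of control-plane peerings (hypothetical column names).
SAMPLE_PEERS = """\
timestamp,serial,system_ip,public_ip,state
2026-01-10T08:00:00Z,SN-EDGE-0001,10.255.0.11,198.51.100.10,up
2026-01-10T08:00:05Z,SN-EDGE-0002,10.255.0.12,198.51.100.20,up
2026-01-10T09:14:31Z,SN-EDGE-9999,10.255.0.77,192.0.2.44,up
2026-01-10T09:20:02Z,SN-EDGE-0002,10.255.0.12,192.0.2.45,up
2026-01-10T09:31:47Z,SN-EDGE-0001,10.255.0.1,198.51.100.10,up
"""


def audit_peers(peer_csv, inventory):
    """Return (timestamp, serial, reason) for each active peering that deviates from inventory."""
    findings = []
    for row in csv.DictReader(io.StringIO(peer_csv)):
        if row["state"] != "up":
            continue  # only established peerings are of interest here
        ts, serial = row["timestamp"], row["serial"]
        known = inventory.get(serial)
        if known is None:
            # A peer the organisation never onboarded is the clearest rogue-peering signal.
            findings.append((ts, serial, "serial not in inventory"))
            continue
        system_ip, public_ips = known
        if row["system_ip"] != system_ip:
            # Known identity claiming a different system IP (here, the controller's).
            findings.append((ts, serial, "system IP mismatch"))
        if row["public_ip"] not in public_ips:
            # Known identity connecting from an address it has never used.
            findings.append((ts, serial, "unexpected source address"))
    return findings


if __name__ == "__main__":
    for finding in audit_peers(SAMPLE_PEERS, INVENTORY):
        print(*finding, sep="  ")
```

Each finding is a lead for investigation, not proof of compromise: address changes after an ISP or NAT change will also surface here until the inventory is updated.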


Source: www.darkreading.com · Published June 24, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.1.
