Mandiant says an attacker used rogue Cisco Catalyst SD-WAN peering, admin password manipulation, and CVE-2026-20245 to gain root access through a malicious CSV upload. The new details make the June SD-WAN advisories an incident-response problem, not just a patching task.
CISA’s June 23 remediation deadline covers three actively exploited flaws across Cisco Catalyst SD-WAN Manager, Google Chrome’s V8 engine, and Arista EOS. The useful move for security teams is not treating them as one patch chore, but triaging each layer: network control plane, browsers, and tunnel decapsulation paths.