Network hardware giant Cisco has released a patch for a critical-severity vulnerability in its Cisco Catalyst SD-WAN Controller devices.
CVE-2026-20182 – first spotted by Rapid7 researchers in March and addressed by Cisco on 14 May – is a vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller that could allow a remote attacker to bypass authentication and gain administrative privileges.
“This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system,” Cisco said in a 14 May security advisory.
“A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.”
The vulnerability impacts all configurations of Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager, regardless of deployment type.
There is no workaround for this vulnerability. Cisco has released fixed software releases; customers running releases that are already at end-of-life may need to migrate to a supported release before they can apply a fix.
Rapid7 has published a proof-of-concept exploit for the vulnerability.
“Cisco values the role of the security research community in helping maintain a secure ecosystem, and we appreciate the collaboration with Rapid7. We have released a software update to remediate the identified vulnerability,” Cisco said.
“We remain committed to transparent communication and to providing our customers with the robust security and resilience they expect.”
The vulnerability is already being actively exploited, and has been added to the United States Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities Catalog as of 14 May. According to Cisco, however, the exploitation is so far “limited”.
“In May 2026, the Cisco Product Security Incident Response Team (PSIRT) became aware of limited exploitation of this vulnerability,” Cisco said.
“Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability.”
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.