A Rough Year for Edge Security
The last 12 months have exposed some serious holes in firewalls, VPNs, and SD-WAN equipment. Here's what IT teams need to know.
If you’ve been paying attention to security news, you already know this has been a rough stretch for edge devices. But it’s worth stepping back and looking at the pattern — because there’s a clear message in all of it.
The Big Picture
What we’ve seen in the last year isn’t just bad luck. It’s a reminder that the devices sitting at the edge of your network — the things protecting your perimeter — are as vulnerable as anything else. Maybe more so.
Here’s the rundown:
- Cisco SD-WAN (CVE-2026-20127) — Authentication bypass, zero-day, active exploitation. This is your edge routing infrastructure being actively attacked.
- Cisco ASA/FTD — Three CVEs (20333, 20362, 20363) covering buffer overflow, auth bypass, and heap overflow. Real attack campaigns, real damage.
- Fortinet FortiOS / FortiVPN — Multiple issues including CVE-2024-21762 (SSL-VPN RCE) and CVE-2024-55591 (firewall management zero-day).
- FortiCloud SSO — CVE-2025-59718 and 59719 let attackers create admin access and export configs. Automated attacks, not just theoretical.
- FortiWeb — CVE-2025-25257, critical SQL injection in your web application firewall.
That’s a lot of firepower aimed at the perimeter.
The Vendor Myth
Here’s the thing that trips up smaller organizations: they assume big-name vendors mean fewer problems. That’s not how this works. Cisco and Fortinet are legitimate targets — in fact, their market share makes them more attractive to attackers. More compromised devices = more ROI for the bad guys.
The smaller vendors aren’t necessarily safer either. Many smaller organizations run these enterprise-grade devices without the visibility they need to detect a compromise. You might not know for months that someone’s been inside.
What You Can Actually Do
This isn’t a sales pitch — it’s just reality. The basics matter:
- Know what you’re running — Every device, every version. If you don’t have an inventory, start one today.
- Watch your logs — These edge devices generate a lot of noise. But the right signals — failed auth attempts from new sources, unexpected admin sessions — are worth investigating.
- Patch or mitigate — I know, easier said than done. But when a CVE has active exploitation, the window for “wait and see” gets very small.
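To make the "watch your logs" point concrete, here is an added example (not code from the original post, and not tied to any vendor's real log format) that runs the two signals named above, failed auth attempts from new sources and admin sessions from unexpected sources, over a handful of constructed log lines. The key=value log layout, the device name, the IP addresses and the baseline of known management sources are all assumptions made up for the example; in practice you would swap in your own parser and your own allow-list of management hosts.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log lines in a generic key=value style. These are NOT
# real Cisco or Fortinet syslog output; the layout is an assumption so the
# parsing stays simple. Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOGS = """\
ts=2025-06-01T08:00:01Z dev=fw-edge-01 event=login_failed user=admin src=203.0.113.10
ts=2025-06-01T08:00:03Z dev=fw-edge-01 event=login_failed user=admin src=203.0.113.10
ts=2025-06-01T08:00:05Z dev=fw-edge-01 event=login_failed user=root src=203.0.113.10
ts=2025-06-01T08:00:09Z dev=fw-edge-01 event=login_failed user=admin src=203.0.113.10
ts=2025-06-01T08:02:00Z dev=fw-edge-01 event=login_failed user=admin src=203.0.113.10
ts=2025-06-01T08:15:00Z dev=fw-edge-01 event=login_failed user=jsmith src=192.0.2.5
ts=2025-06-01T08:30:00Z dev=fw-edge-01 event=admin_session_start user=admin src=198.51.100.77
ts=2025-06-01T09:00:00Z dev=fw-edge-01 event=admin_session_start user=netops src=192.0.2.5
"""

# Baseline of management sources you expect to administer the device from
# (constructed values standing in for your jump hosts / admin VLAN).
KNOWN_ADMIN_SOURCES = {"192.0.2.5", "192.0.2.6"}

# How many failed logins from a single unknown source before it is worth a look.
FAILED_AUTH_THRESHOLD = 3

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict; unparseable lines yield {}."""
    return dict(KV_RE.findall(line))


@dataclass(frozen=True)
class Finding:
    kind: str    # which signal fired
    src: str     # source address involved
    detail: str  # human-readable context for the analyst


def analyze(log_text, known_sources=KNOWN_ADMIN_SOURCES, threshold=FAILED_AUTH_THRESHOLD):
    """Return findings for the two signals the post calls out.

    1. admin_session_from_new_source: an admin session opened from an address
       that is not in the management baseline.
    2. failed_auth_from_new_source: at least `threshold` failed logins from an
       address that is not in the baseline (a single typo from a known host
       is not interesting; a burst from somewhere new is).
    """
    failed_by_src = defaultdict(list)
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec:
            continue
        src = rec.get("src", "?")
        event = rec.get("event")
        if event == "login_failed":
            failed_by_src[src].append(rec.get("user", "?"))
        elif event == "admin_session_start" and src not in known_sources:
            findings.append(Finding(
                "admin_session_from_new_source", src,
                f"user={rec.get('user')} ts={rec.get('ts')}"))
    for src, users in failed_by_src.items():
        if src not in known_sources and len(users) >= threshold:
            findings.append(Finding(
                "failed_auth_from_new_source", src,
                f"{len(users)} failures, users={sorted(set(users))}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f"[{f.kind}] src={f.src} {f.detail}")
```

Run against the constructed sample, this flags the burst of failures from 203.0.113.10 and the admin session from 198.51.100.77, while the single failure and the admin session from the known host 192.0.2.5 stay quiet. The baseline set is the important part: without a list of where administration is supposed to come from, an "unexpected" admin session is not something a script can recognise.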
Related: Our Managed Security services include continuous monitoring and vulnerability management for edge infrastructure.