N2CON TECHNOLOGY

A Rough Year for Edge Security

The last 12 months have exposed some serious holes in firewalls, VPNs, and SD-WAN equipment. Here's what IT teams need to know.

Ed Brownlee CTO | N2CON

If you’ve been paying attention to security news, you already know this has been a rough stretch for edge devices. But it’s worth stepping back and looking at the pattern — because there’s a clear message in all of it.

The Big Picture

What we’ve seen in the last year isn’t just bad luck. It’s a reminder that the devices sitting at the edge of your network — the things protecting your perimeter — are as vulnerable as anything else. Maybe more so.

Here’s the rundown:

  1. Cisco SD-WAN (CVE-2026-20127) — Authentication bypass, zero-day, active exploitation. This is your edge routing infrastructure being actively attacked.

  2. Cisco ASA/FTD — Three CVEs (20333, 20362, 20363) covering a buffer overflow, an authentication bypass, and a heap overflow. Real attack campaigns, real damage.

  3. Fortinet FortiOS / SSL-VPN — Multiple issues including CVE-2024-21762 (SSL-VPN RCE) and CVE-2024-55591 (management-interface authentication bypass, exploited as a zero-day).

  4. FortiCloud SSO — CVE-2025-59718 and 59719 let attackers create admin access and export configs. Automated attacks, not just theoretical.

  5. FortiWeb — CVE-2025-25257, critical SQL injection in your web application firewall.

That’s a lot of firepower aimed at the perimeter.

The Vendor Myth

Here’s the thing that trips up smaller organizations: they assume big-name vendors mean fewer problems. That’s not how this works. Cisco and Fortinet are legitimate targets — in fact, their market share makes them more attractive to attackers. More compromised devices = more ROI for the bad guys.

Switching to a smaller vendor doesn't get you out of this either. And many smaller organizations run these enterprise-grade devices without the visibility they need to detect a compromise: you might not know for months that someone has been inside.

What You Can Actually Do

This isn’t a sales pitch — it’s just reality. The basics matter:

  • Know what you’re running — Every device, every version. If you don’t have an inventory, start one today.
  • Watch your logs — These edge devices generate a lot of noise. But the right signals — failed auth attempts from new sources, unexpected admin sessions — are worth investigating.
  • Patch or mitigate — I know, easier said than done. But when a CVE has active exploitation, the window for “wait and see” gets very small.
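One way to pull those "right signals" out of the noise, added here as an illustration rather than code from N2CON or either vendor: parse the device's event log, ignore everything that is not administrative activity, and flag failed admin logins from sources you do not recognize, successful admin logins from those same sources, new admin accounts, and configuration exports (the last two being exactly what the FortiCloud SSO attacks above did). The log lines are constructed and only loosely modelled on FortiGate key=value event logs; the field names, the jump-host allowlist and the threshold are assumptions to adjust to your own devices.

```python
import re
from collections import Counter

# FortiGate-style key=value pairs; values may be double-quoted (msg="..." contains spaces).
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption: the addresses your administrators normally connect from (jump hosts, mgmt VLAN).
KNOWN_ADMIN_SOURCES = {"10.0.5.10", "10.0.5.11"}
FAILED_LOGIN_THRESHOLD = 3

# Constructed sample lines, loosely modelled on FortiGate event logs. Field names
# (srcip, action, status, cfgpath, cfgobj) are approximations; verify them against
# the logs your own devices emit before relying on this.
SAMPLE_LOGS = [
    'date=2025-09-26 time=02:58:10 type="event" subtype="system" level="information" action="login" status="success" user="netops" srcip=10.0.5.10 msg="Administrator netops logged in successfully from https(10.0.5.10)"',
    'date=2025-09-26 time=03:01:44 type="event" subtype="system" level="alert" action="login" status="failed" user="netops" srcip=10.0.5.11 msg="Administrator netops login failed from https(10.0.5.11) because of invalid user name or password"',
    'date=2025-09-26 time=03:12:01 type="event" subtype="system" level="alert" action="login" status="failed" user="admin" srcip=198.51.100.23 msg="Administrator admin login failed from https(198.51.100.23) because of invalid user name or password"',
    'date=2025-09-26 time=03:12:05 type="event" subtype="system" level="alert" action="login" status="failed" user="admin" srcip=198.51.100.23 msg="Administrator admin login failed from https(198.51.100.23) because of invalid user name or password"',
    'date=2025-09-26 time=03:12:11 type="event" subtype="system" level="alert" action="login" status="failed" user="admin" srcip=198.51.100.23 msg="Administrator admin login failed from https(198.51.100.23) because of invalid user name or password"',
    'date=2025-09-26 time=03:12:19 type="event" subtype="system" level="information" action="login" status="success" user="admin" srcip=198.51.100.23 msg="Administrator admin logged in successfully from https(198.51.100.23)"',
    'date=2025-09-26 time=03:13:02 type="event" subtype="system" level="information" action="Add" cfgpath="system.admin" cfgobj="support2" user="admin" srcip=198.51.100.23 msg="Add system.admin support2"',
    'date=2025-09-26 time=03:14:30 type="event" subtype="system" level="information" action="backup" user="support2" srcip=198.51.100.23 msg="Configuration backup started"',
]


def parse_kv(line):
    """Turn one key=value log line into a dict, stripping quotes from quoted values."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def analyze(lines, known_sources=KNOWN_ADMIN_SOURCES, threshold=FAILED_LOGIN_THRESHOLD):
    """Return (finding, srcip, subject) tuples for admin activity worth investigating."""
    failed_by_src = Counter()
    findings = []
    for line in lines:
        ev = parse_kv(line)
        if ev.get("type") != "event":
            continue  # traffic/UTM logs are the noise; admin activity lives in event logs
        src = ev.get("srcip", "?")
        new_source = src not in known_sources
        action, status = ev.get("action"), ev.get("status")
        if action == "login" and new_source:
            if status == "failed":
                failed_by_src[src] += 1
                if failed_by_src[src] == threshold:  # alert once, when the threshold is hit
                    findings.append(("failed_logins_from_new_source", src, ev.get("user")))
            elif status == "success":
                findings.append(("admin_login_from_unexpected_source", src, ev.get("user")))
        elif action == "Add" and ev.get("cfgpath") == "system.admin":
            # New administrator accounts are rare enough to review every time, whatever the source.
            findings.append(("admin_account_created", src, ev.get("cfgobj")))
        elif action == "backup":
            # A config export hands an attacker every credential and policy on the box.
            findings.append(("config_exported", src, ev.get("user")))
    return findings


if __name__ == "__main__":
    for finding, src, subject in analyze(SAMPLE_LOGS):
        print(f"{finding:36s} src={src:15s} subject={subject}")
```

Run against the sample, the failed logins from the known jump host are ignored while the burst from 198.51.100.23 produces one alert, followed by the successful login, the new "support2" admin, and the config backup, which is the whole chain from brute force to exfiltration in four lines. Feed it a day of real syslog and the allowlist, not the threshold, is usually what needs tuning.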

Related: Our Managed Security services include continuous monitoring and vulnerability management for edge infrastructure.
