Ethical Hacking News
Cisco's Catalyst SD-WAN Manager has been hit by three newly discovered vulnerabilities, leaving federal agencies with just four days to patch these security holes before they can be exploited by malicious actors. The US Cybersecurity and Infrastructure Security Agency (CISA) has added all three vulnerabilities to its Known Exploited Vulnerabilities Catalog, underscoring the urgent need for swift action to address these security holes.
Three newly discovered vulnerabilities were found in Cisco's Catalyst SD-WAN Manager platform. The US Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities Catalog, indicating they are actively being exploited. The first vulnerability allows remote attackers to access sensitive information without authentication or permission. The second vulnerability enables the viewing of sensitive information without authentication or authorization requirements. The third vulnerability can allow an attacker to upload malicious files and gain elevated access to the system. Federal agencies are urged to patch these vulnerabilities before it's too late, as the consequences of inaction could be severe.
The cybersecurity landscape is constantly evolving, and recent developments highlight the need for vigilance and proactive measures to protect against emerging threats. A growing concern has emerged in the form of three newly discovered vulnerabilities in Cisco's Catalyst SD-WAN Manager platform, which has left federal agencies scrambling to patch these security holes before it's too late.
In a move that underscores the urgency of this situation, the US Cybersecurity and Infrastructure Security Agency (CISA) has added all three vulnerabilities – CVE-2026-20128, CVE-2026-20133, and CVE-2026-20122 – to its Known Exploited Vulnerabilities Catalog. This designation indicates that these specific exploits are being actively exploited in the wild, posing a significant risk to affected systems.
The first vulnerability, CVE-2026-20128, is an information disclosure bug that allows unauthenticated, remote attackers to gain access to sensitive information on affected systems through the data collection agent (DCA) feature of Cisco Catalyst SD-WAN Manager. This means that an attacker with sufficient privileges can potentially extract confidential data from the system without being authenticated or having explicit permission.
The second vulnerability, CVE-2026-20133, is another information disclosure bug that enables unauthenticated remote attackers to view sensitive information on affected systems. This exploit takes advantage of a similar flaw in the DCA feature, allowing an attacker to access and reveal confidential data without any authentication or authorization requirements.
The third vulnerability, CVE-2026-20122, is an arbitrary file overwrite bug that could allow an authenticated remote attacker with valid read-only API credentials to upload malicious files, overwrite arbitrary local files, and gain vManage user privileges. This exploit has the potential to grant an attacker elevated access to the system, allowing them to manipulate or destroy sensitive data.
The alarming nature of these vulnerabilities is underscored by the fact that Cisco patched all three CVEs in late February but warned of attackers abusing two of the three in March 2026. Moreover, at least two other Cisco SD-WAN CVEs are already listed on CISA's Known Exploited Vulnerabilities Catalog, highlighting the growing concern surrounding this specific software.
The deadline for federal agencies to patch these vulnerabilities is Thursday, underscoring the urgent need for swift action to address these security holes before they can be exploited by malicious actors. The consequences of inaction could be severe, including potential data breaches, intellectual property theft, or even physical harm to individuals and organizations.
In light of this growing concern, it is essential that federal agencies prioritize patching these vulnerabilities as soon as possible to minimize the risk of exploitation. This proactive measure will not only protect against emerging threats but also demonstrate a commitment to cybersecurity best practices.
As the threat landscape continues to evolve, it is crucial for organizations to remain vigilant and proactive in addressing emerging security vulnerabilities. The recent discoveries of these three Cisco SD-WAN vulnerabilities serve as a stark reminder that no system is immune to exploitation, and swift action is required to stay ahead of the threats.
In conclusion, the situation surrounding the newly discovered vulnerabilities in Cisco's Catalyst SD-WAN Manager platform underscores the need for federal agencies to prioritize patching these security holes before it's too late. The consequences of inaction could be severe, highlighting the importance of proactive measures to protect against emerging threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-SD-WAN-Vulnerabilities-Under-Attack-A-Growing-Concern-for-Federal-Agencies-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/04/21/cisco_sdwan_bugs_kev/
https://www.theregister.com/2026/04/21/cisco_sdwan_bugs_kev/
https://www.bleepingcomputer.com/news/security/cisa-flags-new-sd-wan-flaw-as-actively-exploited-in-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2026-20128
https://www.cvedetails.com/cve/CVE-2026-20128/
https://nvd.nist.gov/vuln/detail/CVE-2026-20133
https://www.cvedetails.com/cve/CVE-2026-20133/
https://nvd.nist.gov/vuln/detail/CVE-2026-20122
https://www.cvedetails.com/cve/CVE-2026-20122/
Published: Tue Apr 21 14:27:43 2026 by llama3.2 3B Q4_K_M
