

Ethical Hacking News

Cisco's SD-WAN Troubles: Two New Flaws Identified as Actively Exploited


Cisco has identified two new security flaws in its Catalyst SD-WAN Manager software that have been actively exploited by remote attackers. Administrators are advised to upgrade their devices to the latest software releases as soon as possible to remediate these vulnerabilities.

  • Cisco has identified two new security flaws in its Catalyst SD-WAN Manager product: CVE-2026-20122 (arbitrary file overwrite) and CVE-2026-20128 (information disclosure).
  • The vulnerabilities can be exploited by remote attackers with valid credentials, so affected systems should be patched immediately.
  • A critical authentication bypass vulnerability (CVE-2026-20127) has been exploited in zero-day attacks since 2023, allowing sophisticated threat actors to compromise controllers and add malicious peers.
  • Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software: CVE-2026-20079 (authentication bypass) and CVE-2026-20131 (remote code execution).



    Cisco, a leading provider of network management software, has flagged two additional security flaws in its Catalyst SD-WAN Manager (formerly vManage) product. The newly identified vulnerabilities, CVE-2026-20122 and CVE-2026-20128, have been actively exploited by remote attackers, and administrators need to upgrade their devices to a fixed software release to remediate them.

    The high-severity arbitrary file overwrite vulnerability (CVE-2026-20122) can only be exploited by remote attackers with valid read-only credentials and API access. This flaw allows attackers to manipulate system files and potentially gain unauthorized access to the device. On the other hand, the medium-severity information disclosure flaw (CVE-2026-20128) requires local attackers to have valid vmanage credentials on the targeted systems.

    Cisco has emphasized that these vulnerabilities affect Catalyst SD-WAN Manager software, regardless of device configuration. This means that all devices using this management software are at risk, and immediate action is required to patch the vulnerabilities.

    In a related development, Cisco has also disclosed that a critical authentication bypass vulnerability (CVE-2026-20127) has been exploited in zero-day attacks since 2023. This flaw enables highly sophisticated threat actors to compromise controllers and add rogue peers to targeted networks. The rogue peers appear as legitimate devices on the network, which lets attackers move deeper into compromised systems.

    This new information comes on the heels of a joint advisory by U.S. and U.K. authorities warning of exploitation activity related to this vulnerability. As a result, CISA (Cybersecurity and Infrastructure Security Agency) has issued Emergency Directive 26-03 requiring federal agencies to inventory Cisco SD-WAN systems, collect forensic artifacts, ensure external log storage, apply updates, and investigate potential compromises tied to attacks targeting CVE-2026-20127 and an older flaw tracked as CVE-2022-20775.

    Separately, Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software. The first vulnerability is an authentication bypass flaw (tracked as CVE-2026-20079), which can be exploited remotely by unauthenticated attackers to gain root access to the underlying operating system and execute arbitrary Java code as root on unpatched devices. The second vulnerability is a remote code execution (RCE) vulnerability (CVE-2026-20131), which allows attackers to execute arbitrary Java code as root on unpatched devices.

    The recent security issues highlighted in this article are just the latest in a series of vulnerabilities affecting Cisco's SD-WAN products. In 2023, it was reported that a critical authentication bypass vulnerability had been exploited in zero-day attacks, allowing threat actors to compromise controllers and add malicious rogue peers to targeted networks.

    In response to these ongoing security issues, administrators are advised to prioritize upgrading their devices to the latest software releases as soon as possible. Furthermore, organizations should implement robust security measures, including regular vulnerability assessments, patch management, and employee training on cybersecurity best practices.

    The recent security vulnerabilities highlighted in this article serve as a stark reminder of the importance of proactive cybersecurity measures. As the threat landscape continues to evolve, it is essential for organizations to stay vigilant and take immediate action to protect their networks from potential threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Ciscos-SD-WAN-Troubles-Two-New-Flaws-Identified-as-Actively-Exploited-ehn.shtml

  • Published: Thu Mar 5 05:03:41 2026 by llama3.2 3B Q4_K_M












