Ethical Hacking News

The Unrelenting Assault on Cisco: A Deluge of Vulnerabilities and Exploits




Cisco Systems is under attack once again, with multiple vulnerabilities being exploited by malicious actors. The latest wave of attacks targets the company's Unified Communications Manager and SD-WAN infrastructure, raising concerns about the security of Cisco's network services. With no patch yet available for these vulnerabilities, users are advised to prioritize their network security and take immediate action to address these threats.

  • Cisco Systems is facing a barrage of vulnerabilities and exploits threatening its network security infrastructure.
  • A server-side request forgery bug (CVE-2026-20230) in Cisco's Unified Communications Manager allows attackers to gain root privileges on compromised devices.
  • Another SD-WAN zero-day (CVE-2026-20245) was exploited, allowing attackers to execute arbitrary commands as root by supplying a crafted file.
  • Attackers gained initial access via an unauthorized peering connection and used the exploit to authenticate directly to the SD-WAN Manager web application interface.
  • Cisco needs to prioritize patching these vulnerabilities immediately to prevent further exploitation.



    In recent weeks, Cisco Systems has been facing an unprecedented barrage of vulnerabilities and exploits that threaten its network security infrastructure. The sheer number of attacks highlights the company's position as a prime target for malicious actors seeking to capitalize on unpatched vulnerabilities.

    At the forefront of this assault is a server-side request forgery bug in Cisco's Unified Communications Manager, tracked as CVE-2026-20230. According to Defused, a threat intelligence firm that closely monitors vulnerabilities and exploits, miscreants are now exploiting this vulnerability, allowing them to gain root privileges on compromised devices. The company noted that the observed chain of attacks utilizes the WebDialer SSRF (Server-Side Request Forgery) to deploy a rogue Apache Axis service, creating a first-stage JSP file-writer before dropping a second-stage command-execution shell under /platform-services/axis2-web/.
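A defender can hunt for the second stage of this chain by looking for JSP requests under the directory named above that are not part of the known-good install. The following is an added example, not code from the article, Defused, or Cisco; it assumes Common Log Format access logs, and the baseline file name and sample lines are constructed.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Directory the article names as the drop location for the second-stage shell.
WATCHED_DIR = "/platform-services/axis2-web/"

# Assumption: Common Log Format access-log lines; adapt the regex to your logs.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def canonical_path(target):
    """Decode and normalise a request target so encoded or dotted variants match."""
    path = target.split("?", 1)[0]
    for _ in range(3):                      # undo nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r";[^/]*", "", path)      # drop ;name=value path parameters
    return normpath("/" + path.lstrip("/")).lower()

def hunt(lines, baseline=frozenset()):
    """Map client -> [(ts, method, path, status)] for JSP requests outside baseline."""
    known = {name.lower() for name in baseline}
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = canonical_path(m["target"])
        if not (path.startswith(WATCHED_DIR) and path.endswith((".jsp", ".jspx"))):
            continue
        if path[len(WATCHED_DIR):] in known:
            continue
        hits[m["client"]].append((m["ts"], m["method"], path, int(m["status"])))
    return dict(hits)

# Constructed sample lines; every file name here is a hypothetical placeholder.
SAMPLE = [
    '192.0.2.10 - - [24/Jun/2026:10:00:01 +0000] "GET /platform-services/axis2-web/known-good.jsp HTTP/1.1" 200 512',
    '198.51.100.7 - - [24/Jun/2026:10:02:13 +0000] "POST /platform-services/axis2-web/example-a.jsp HTTP/1.1" 200 48',
    '198.51.100.7 - - [24/Jun/2026:10:02:40 +0000] "GET /platform-services/%2e/axis2-web/Example-B.JSP;x=1?q=1 HTTP/1.1" 200 97',
    '192.0.2.10 - - [24/Jun/2026:10:03:00 +0000] "GET /platform-services/axis2-web/css/style.css HTTP/1.1" 200 900',
]
```

Build the baseline from a known-good installation of the same version, and treat any hit with a 200 status as a reason to inspect the file on disk.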

    Furthermore, a Mandiant advisory has warned that an earlier SD-WAN zero-day, CVE-2026-20245, was exploited much earlier than initially disclosed. This vulnerability allows an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the vulnerable system. According to Google's Mandiant incident response and consulting business, threat actors targeting SD-WAN infrastructure at a service provider exploited this bug, escalating privileges from a compromised administrative account to root-level access.

    This latest exploit of CVE-2026-20245 is particularly concerning as it indicates that attackers have gained initial access via an unauthorized peering connection, abusing the SD-WAN fabric to authenticate between network components and facilitate Secure Shell (SSH) access. They authenticated to the SD-WAN manager device via SSH using the vmanage-admin account on the same victim devices before changing the default password on the admin account, authenticating directly to the SD-WAN Manager web application interface, and exfiltrating SD-WAN fabric configurations.

    It is essential to note that neither the vmanage-admin nor the admin accounts on Cisco Catalyst SD-WAN controllers possess root shell access. To gain root access, attackers exploited CVE-2026-20245, which would enable them to deploy malicious code, potentially giving the attacker total visibility across an entire corporation's internet traffic.

    This latest onslaught of exploited vulnerabilities highlights the ongoing struggle between cybersecurity professionals and malicious actors. Cisco has not yet responded to The Register's inquiries regarding these incidents, but it is clear that the company needs to prioritize patching these vulnerabilities immediately to prevent further exploitation.

    As with many high-profile security incidents, this attack is a stark reminder of the importance of vigilance in the face of evolving threats. Cybersecurity professionals must stay proactive in their efforts to protect networks from such exploits, which could have disastrous consequences for businesses and organizations worldwide.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Unrelenting-Assault-on-Cisco-A-Deluge-of-Vulnerabilities-and-Exploits-ehn.shtml

  • https://www.theregister.com/security/2026/06/24/the-hits-keep-on-coming-for-cisco-vulnerabilities/5261797


  • Published: Wed Jun 24 17:51:48 2026 by llama3.2 3B Q4_K_M