Just when network admins thought the Cisco SD-WAN patch queue might finally be shrinking, Switchzilla has confirmed miscreants are exploiting more vulnerabilities in its SD-WAN management software.
The newly abused flaws affect Cisco Catalyst SD-WAN Manager, the platform formerly known as vManage that sits at the center of many organizations’ SD-WAN deployments. One of the bugs, CVE-2026-20122, carries a CVSS score of 7.1 and allows an authenticated remote attacker to overwrite arbitrary files on the local filesystem. The second issue, CVE-2026-20128, is a lower-rated information disclosure flaw with a CVSS score of 5.5.
Read more…
Source: The register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Google says nearly $9 million given out in 2021 vulnerability rewards
February 11, 2022
Google announced this week that its Vulnerability Reward Programs doled out $8,700,000 for vulnerability rewards in 2021. Researchers donated $300,000 of their rewards to a charity of their choice, according to a blog from Sarah Jacobus of Google’s Vulnerability Rewards Team. For Android vulnerabilities, payouts doubled compared to 2020, with almost $3 million being rewarded to researchers ...
- Apple patches new zero-day exploited to hack iPhones, iPads, Macs
February 11, 2022
Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs. The zero-day patched today is tracked as CVE-2022-22620 and is a WebKit Use After Free issue that could lead to OS crashes and code execution on compromised devices. Successful exploitation of this ...
- Microsoft manages a mere 51 security fixes for February update bundle
February 9, 2022
Microsoft for its February Patch Tuesday gave Windows admins just 51 fixes to apply, the smallest number of patches since the meager ration of 44 in August 2021. February tends to be a slow month for repairs because bugs left untended over the winter holidays often get dealt with in January, leaving not all that much ...
- Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM)
February 8, 2022
On February 8, 2022, SAP released security updates to address vulnerabilities affecting multiple products, including critical vulnerabilities affecting SAP applications using SAP Internet Communication Manager (ICM). SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management. Impacted organizations could experience: theft of sensitive data, financial ...
- Open-source Kubernetes tool Argo CD has a high-severity path traversal flaw: Patch now
February 4, 2022
A zero-day vulnerability in open-source Kubernetes development tool Argo lets malicious people steal passwords from git-crypt and other sensitive information by simply uploading a crafted Helm chart. Charts are the actual packaging format of ubiquitous tool-for-managing-Kubernetes applications Helm. The vuln, tracked as CVE-2022-24438, exists in Argo CD, a widely used open-source continuous delivery tool for Kubernetes. Patched ...
- Operation EmailThief: Zero-day XSS vulnerability in Zimbra email platform revealed
February 4, 2022
Researchers have uncovered an active campaign exploiting a zero-day vulnerability in the Zimbra email platform. Zimbra is an email platform available under an open source license. According to the developer, the platform supports hundreds of millions of mailboxes located in 140 countries. On February 3, cybersecurity researchers from Volexity, Steven Adair and Thomas Lancaster, said the system ...