Just when network admins thought the Cisco SD-WAN patch queue might finally be shrinking, Switchzilla has confirmed miscreants are exploiting more vulnerabilities in its SD-WAN management software.
The newly abused flaws affect Cisco Catalyst SD-WAN Manager, the platform formerly known as vManage that sits at the center of many organizations’ SD-WAN deployments. One of the bugs, CVE-2026-20122, carries a CVSS score of 7.1 and allows an authenticated remote attacker to overwrite arbitrary files on the local filesystem. The second issue, CVE-2026-20128, is a lower-rated information disclosure flaw with a CVSS score of 5.5.
Read more…
Source: The register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New RCE vulnerability impacts nearly half of the internet’s email servers
June 7, 2019
A critical remote command execution (RCE) security flaw impacts over half of the Internet’s email servers, security researchers from Qualys have revealed today. The vulnerability affects Exim, a mail transfer agent (MTA), which is software that runs on email servers to relay emails from senders to recipients. According to a June 2019 survey of all mail servers ...
- MacOS Zero-Day Allows Trusted Apps to Run Malicious Code
June 3, 2019
A researcher has revealed a zero-day flaw in Apple’s Mojave operating system tied to the way the OS verifies apps. The bug allows attackers to sneak past macOS security measures and run whitelisted apps that have been manipulated to run malicious code. macOS researcher Patrick Wardle revealed the flaw Monday, describing the exploitation of the bug ...
- Gatekeeper Bug in MacOS Mojave Allows Malware to Execute
May 28, 2019
Researcher discloses vulnerability in macOS Gatekeeper security feature that allows the execution of malicious code on current version of the OS. Researcher Filippo Cavallarin disclosed a bug in the macOS security feature Gatekeeper that allows malicious code execution on systems running the most recent version of Mojave (10.14.0). MacOS Gatekeeper is an Apple security feature that enforces ...
- One Million Devices Open to Wormable Microsoft BlueKeep Flaw
May 28, 2019
Researchers have discovered one million devices that are vulnerable to a “wormable” Microsoft flaw, which could open the door to a WannaCry-like cyberattack. One million devices are still vulnerable to BlueKeep, a critical Microsoft bug with “wormable” capabilities, almost two weeks after a patch was released. The flaw (CVE-2019-0708) was fixed during Microsoft’s May Patch Tuesday Security Bulletin earlier this ...
- Intense scanning activity detected for BlueKeep RDP flaw
May 26, 2019
Threat actors have started scanning the internet for Windows systems that are vulnerable to the BlueKeep (CVE-2019-0708) vulnerability. This vulnerability impacts the Remote Desktop Protocol (RDP) service included in older versions of the Windows OS, such as XP, 7, Server 2003, and Server 2008. Microsoft released fixes for this vulnerability on May 14, as part of the ...
- Security researchers discover Linux version of Winnti malware
May 20, 2019
For the first time, security researchers have uncovered and analyzed a Linux variant of Winnti, one of the favorite hacking tools used by Beijing hackers over the past decade. Discovered by security researchers from Chronicle, Alphabet’s cyber-security division, the Linux version of the Winnti malware works as a backdoor on infected hosts, granting attackers access to ...