Just when network admins thought the Cisco SD-WAN patch queue might finally be shrinking, Switchzilla has confirmed miscreants are exploiting more vulnerabilities in its SD-WAN management software.
The newly abused flaws affect Cisco Catalyst SD-WAN Manager, the platform formerly known as vManage that sits at the center of many organizations’ SD-WAN deployments. One of the bugs, CVE-2026-20122, carries a CVSS score of 7.1 and allows an authenticated remote attacker to overwrite arbitrary files on the local filesystem. The second issue, CVE-2026-20128, is a lower-rated information disclosure flaw with a CVSS score of 5.5.
Read more…
Source: The register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Critical Vulnerability in Fortra FileCatalyst Workflow
June 27, 2024
Fortra has released a security update addressing a critical vulnerability found in FileCatalyst Workflow. FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks. CVE-2024-5276 is an SQL Injection vulnerability with a CVSSv3 score of 9.8 (critical), which if exploited could allow an unauthenticated attacker to modify or ...
- MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems
June 27, 2024
Spyware is malicious software engineered to covertly monitor and gather information from a user’s computer without their awareness or consent. It can record activities like keystrokes, browsing behavior, and personal information, often transmitting this data to a third party for espionage or theft. FortiGuard Labs recently detected an attack exploiting the CVE-2021-40444 vulnerability in Microsoft Office. ...
- Critical Vulnerability in Fortra FileCatalyst Workflow
June 27, 2024
Fortra has released a security update addressing a critical vulnerability found in FileCatalyst Workflow. FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks. CVE-2024-5276 is an SQL Injection vulnerability with a CVSSv3 score of 9.8 (critical), which if exploited could allow an unauthenticated attacker to modify or ...
- Progress Software Releases Critical Security Updates for MOVEit Transfer and MOVEit Gateway
June 26, 2024
Progress (formerly Ipswitch) has released a security update for two critical vulnerabilities found in the SFTP module of the MOVEit Transfer (CVE-2024-5806) and MOVEit Gateway (CVE-2024-5805) applications. MOVEit is a managed secure file transfer tool. The improper authentication vulnerability known as CVE-2024-5806 has a CVSSv3 score of 9.1 and can lead to authentication bypass in MOVEit ...
- London Hospitals Knew of Cyber Vulnerabilities Years Before Hack
June 14, 2024
A group of London hospitals struggling to contain the fallout from a cyberattack against a critical supplier had known for years about weaknesses that left them vulnerable to hacks, according to documents reviewed by Bloomberg News. The Guy’s and St Thomas’ NHS Foundation Trust, which runs five major hospitals in the London area, has failed to ...
- Cinterion EHS5 3G UMTS/HSPA Module Research
June 13, 2024
Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems (APCS). When integrating the modem, many product developers do not think of protecting their device from a potential modem compromise. ...