Just when network admins thought the Cisco SD-WAN patch queue might finally be shrinking, Switchzilla has confirmed miscreants are exploiting more vulnerabilities in its SD-WAN management software.
The newly abused flaws affect Cisco Catalyst SD-WAN Manager, the platform formerly known as vManage that sits at the center of many organizations’ SD-WAN deployments. One of the bugs, CVE-2026-20122, carries a CVSS score of 7.1 and allows an authenticated remote attacker to overwrite arbitrary files on the local filesystem. The second issue, CVE-2026-20128, is a lower-rated information disclosure flaw with a CVSS score of 5.5.
Read more…
Source: The register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
May 1, 2024
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation. Arbitrary code execution can provide a threat actor with full control ...
- New “Goldoon” Botnet Targeting D-Link Devices
May 1, 2024
In April, FortiGuard Labs observed a new botnet targeting a D-Link vulnerability from nearly a decade ago, CVE-2015-2051. This vulnerability allows remote attackers to execute arbitrary commands via a GetDeviceSettings action on the HNAP interface. As a result, an attacker can create a crafted HTTP request with a malicious command embedded in the header. Fortinet IPS ...
- Cybersecurity researchers spotlight a new ransomware threat – be careful where you upload files
April 26, 2024
Today’s browsers are almost operating systems unto themselves. They can run software programs and encrypt files. These capabilities, combined with the browser’s access to the host computer’s files – including ones in the cloud, shared folders and external drives – via the File System Access API creates a new opportunity for ransomware. Imagine you want to ...
- Governments issue alerts after ‘sophisticated’ state-backed actor found exploiting flaws in Cisco security boxes
April 25, 2024
A previously unknown and “sophisticated” nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes — and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western governments. A Cisco spokesperson declined to comment on which country the snooping crew – tracked as ...
- Almost every Chinese keyboard app has a security flaw that reveals what users type
April 24, 2024
Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state ...
- Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400
April 22, 2024
This threat brief is frequently updated as new threat intelligence is available for us to share. The full update log is at the end of this post and offers the fullest account of all changes made. Updated April 19 to include information on observed levels of attempted exploitation and relative prevalence of those levels, with unsuccessful ...