Cisco admins face emergency patch duty after Switchzilla disclosed a max-severity make-me-admin bug affecting Catalyst SD-WAN Controller and Manager.
Switchzilla dropped an advisory for CVE-2026-20182 (10.0) on Thursday, saying that both components, formerly known as vSmart and vManage, were vulnerable in all deployment types, and that fixes were available.
The bug allows unauthenticated remote attackers to bypass authentication and gain admin privileges on an affected system.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Google warns Gmail users to change passwords after data breach
September 3, 2025
Google is warning about 2.5 billion Gmail users to change their passwords or install a passkey following a data breach that has led to a surge in “phishing” email attacks. The data breach that prompted the warning reportedly happened at a Salesforce database that Google uses internally. The compromised information included basic business contact information such ...
- Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust
September 3, 2025
Palo Alto Unit 42 research uncovered a fundamental flaw in the AI supply chain that allows attackers to gain Remote Code Execution (RCE) and additional capabilities on major platforms like Microsoft’s Azure AI Foundry, Google’s Vertex AI and thousands of open-source projects. We refer to this issue as Model Namespace Reuse. Hugging Face is a platform ...
- Hackers are now hiding malware in the images served up by LLMs
August 31, 2025
As AI tools become more integrated into daily work, the security risks attached to them are also evolving in new directions. Researchers at Trail of Bits have demonstrated a method where malicious prompts are hidden inside images and then revealed during processing by large language models. The technique takes advantage of how AI platforms downscale images ...
- WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware
August 29, 2025
WhatsApp said on Friday that it fixed a security bug in its iOS and Mac apps that was being used to stealthily hack into the Apple devices of “specific targeted users.” The Meta-owned messaging app giant said in its security advisory that it fixed the vulnerability, known officially as CVE-2025-55177, which was used alongside a separate ...
- How attackers adapt to built-in macOS protection
August 29, 2025
If a system is popular with users, you can bet it’s just as popular with cybercriminals. Although Windows still dominates, second place belongs to macOS. And this makes it a viable target for attackers. With various built-in protection mechanisms, macOS generally provides a pretty much end-to-end security for the end user. This post looks at how ...
- A critical Docker Desktop security flaw puts Windows hosts at risk of attack – patch now
August 26, 2025
Docker has patched a critical severity vulnerability in its Desktop app for Windows and macOS which could have allowed threat actors to fully take over vulnerable hosts, exfiltrate sensitive data, and more. The vulnerability is described as a server-side request forgery (SSRF) and, according to the NVD, it “allows local running Linux containers to access the ...