Cisco admins face emergency patch duty after Switchzilla disclosed a max-severity make-me-admin bug affecting Catalyst SD-WAN Controller and Manager.
Switchzilla dropped an advisory for CVE-2026-20182 (10.0) on Thursday, saying that both components, formerly known as vSmart and vManage, were vulnerable in all deployment types, and that fixes were available.
The bug allows unauthenticated remote attackers to bypass authentication and gain admin privileges on an affected system.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Preventing Zero-Click AI Threats: Insights from EchoLeak
July 15, 2025
EchoLeak (CVE-2025-32711) is a newly identified vulnerability in Microsoft 365 Copilot, made more nefarious by its zero-click nature, meaning it requires no user interaction to succeed. It demonstrates how helpful systems can open the door to entirely new forms of attack— no malware, no phishing required—just the unquestioning obedience of an AI agent. This new threat ...
- A major security flaw in top eSIM system could put billions of devices at risk
July 14, 2025
Security researchers have discovered a vulnerability in eSIM technology used in virtually all smartphones and many other internet-connected, smart devices. In theory, the flaw could have been abused to intercept or manipulate communications, extract sensitive data, inject malicious applets, and more. There are more than two billion eSIM-enabled devices that could be potentially impacted by this ...
- Bluetooth security flaws could affect thousands of Mercedes, Volkswagen, Skoda cars
July 11, 2025
Security researchers have discovered four vulnerabilities in the BlueSDK Bluetooth stack which could be chained together for remote code execution (RCE) attacks. This stack is used by multiple vendors across different industries – including car manufacturing giants Mercedes, Volkswagen, and Skoda (and possibly others). In theory, a threat actor could abuse these flaws to connect to ...
- CISA warns hackers are actively exploiting critical ‘Citrix Bleed 2’ security flaw
July 11, 2025
U.S. cybersecurity agency CISA says hackers are actively exploiting a critical-rated security flaw in a widely used Citrix product, and has given other federal government departments just one day to patch their systems. Security researchers have dubbed the bug “Citrix Bleed 2” for its similarity to a 2023 security flaw in Citrix NetScaler, a networking product ...
- NFC fraud threatens Philippines digital payments security
July 8, 2025
As contactless payments and digital wallets grow quickly in the Philippines, cyber-criminals are now targeting the country by abusing Near Field Communication (NFC) technologies. Resecurity, a global leader in cyber threat intelligence, issued a stark warning, urging Philippine regulators and financial institutions to heighten their defenses amid an alarming increase in NFC-enabled fraud, particularly from ...
- Several major Linux distros hit by serious Sudo security flaws
July 7, 2025
Two vulnerabilities were recently spotted in various Linux distributions which, when chained together, allow local attackers to escalate their privileges and thus run arbitrary files. The vulnerabilities are tracked as CVE-2025-32462 (severity score 2.8/10 – low severity), and CVE-2025-32463 (severity score 9.3/10 critical), and were found in the Sudo command-line utility for Linux and other Unix-like ...