Cisco admins face emergency patch duty after Switchzilla disclosed a max-severity make-me-admin bug affecting Catalyst SD-WAN Controller and Manager.
Switchzilla dropped an advisory for CVE-2026-20182 (10.0) on Thursday, saying that both components, formerly known as vSmart and vManage, were vulnerable in all deployment types, and that fixes were available.
The bug allows unauthenticated remote attackers to bypass authentication and gain admin privileges on an affected system.
Read more…
Source: The Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA Releases Four Industrial Control Systems Advisories
September 7, 2023
CISA released four Industrial Control Systems (ICS) advisories on September 7, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-250-01 Dover Fueling Solutions MAGLINK LX Console ICSA-23-250-02 Phoenix Contact TC ROUTER and TC CLOUD CLIENT Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
September 6, 2023
The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to a previously published Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to warn network defenders of critical infrastructure organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery ...
- CISA Releases Two Industrial Control Systems Advisories
September 5, 2023
CISA released two Industrial Control Systems (ICS) advisories on September 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-248-01 Fujitsu Limited Real-time Video Transmission Gear IP series Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Rockwell Automation Integer Overflow Vulnerability
September 1, 2023
Rockwell Automation’s ThinManager is designed for managing thin clients, mobile devices, cameras, and industrial devices. Comprising both client and server components, the client facilitates device configuration while the server handles data transfer and client requests. To maintain data consistency across the system, ThinManager servers synchronize using messages sent via port TCP/2031. These messages, based on a ...
- CISA Releases Four Industrial Control Systems Advisories
August 31, 2023
CISA released four Industrial Control Systems (ICS) advisories on August 31, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-243-01 ARDEREG Sistemas SCADA ICSA-23-243-02 GE Digital CIMPLICITY Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Multiple Threats Target Adobe ColdFusion Vulnerabilities
August 30, 2023
This past July, Adobe responded to reports of exploits targeting pre-authentication remote code execution (RCE) vulnerabilities in their ColdFusion solution by releasing a series of security updates: APSB23-40, APSB23-41, and APSB23-47. An in-depth analysis of those exploits has been documented by Project Discovery, including a significant vulnerability in the WDDX deserialization process within Adobe ColdFusion ...