Cisco has disclosed that two extra vulnerabilities affecting Catalyst SD-WAN Supervisor (previously SD-WAN vManage) have come below lively exploitation within the wild.
The vulnerabilities in query are listed beneath –
- CVE-2026-20122 (CVSS rating: 7.1) – An arbitrary file overwrite vulnerability that would permit an authenticated, distant attacker to overwrite arbitrary information on the native file system. Profitable exploitation requires the attacker to have legitimate read-only credentials with API entry on the affected system.
- CVE-2026-20128 (CVSS rating: 5.5) – An info disclosure vulnerability that would permit an authenticated, native attacker to achieve Knowledge Assortment Agent (DCA) consumer privileges on an affected system. Profitable exploitation requires the attacker to have legitimate vManage credentials on the affected system.
Patches for the safety defects, together with CVE-2026-20126, CVE-2026-20129, and CVE-2026-20133, had been launched by Cisco late final month within the following variations –
- Sooner than Model 20.91 – Migrate to a hard and fast launch.
- Model 20.9 – Fastened in 20.9.8.2
- Model 20.11 – Fastened in 20.12.6.1
- Model 20.12 – Fastened in 20.12.5.3 and 20.12.6.1
- Model 20.13 – Fastened in 20.15.4.2
- Model 20.14 – Fastened in 20.15.4.2
- Model 20.15 – Fastened in 20.15.4.2
- Model 20.16 – Fastened in 20.18.2.1
- Model 20.18 – Fastened in 20.18.2.1
“In March 2026, the Cisco PSIRT grew to become conscious of lively exploitation of the vulnerabilities which are described in CVE-2026-20128 and CVE-2026-20122 solely,” the networking tools main stated. The corporate didn’t elaborate on the size of the exercise and who could also be behind it.
In gentle of lively exploitation, customers are beneficial to replace to a hard and fast software program launch as quickly as doable, and take steps to restrict entry from unsecured networks, safe the home equipment behind a firewall, disable HTTP for the Catalyst SD-WAN Supervisor net UI administrator portal, flip off community providers like HTTP and FTP if not required, change the default administrator password, and monitor log site visitors for any sudden site visitors to and from methods.
The disclosure comes per week after the corporate stated a important safety flaw in Cisco Catalyst SD-WAN Controller and Catalyst SD-WAN Supervisor (CVE-2026-20127, CVSS rating: 10.0) has been exploited by a extremely refined cyber menace actor tracked as UAT-8616 to determine persistent footholds into high-value organizations.
This week, Cisco additionally launched updates to deal with two maximum-severity safety vulnerabilities in Safe Firewall Administration Middle (CVE-2026-20079 and CVE-2026-20131, CVSS scores: 10.0) that would permit an unauthenticated, distant attacker to bypass authentication and execute arbitrary Java code as root on an affected machine.
Elevate your perspective with NextTech Information, the place innovation meets perception.
Uncover the most recent breakthroughs, get unique updates, and join with a worldwide community of future-focused thinkers.
Unlock tomorrow’s traits right this moment: learn extra, subscribe to our e-newsletter, and change into a part of the NextTech group at NextTech-news.com
