Cisco has warned of several vulnerabilities in its Catalyst SD-WAN Manager and says attackers are already exploiting at least one of them in live operations. Patches are available, and systems remain vulnerable until they are applied. Every unpatched flaw is a potential entry point, so delaying the update increases the risk of compromise.
Catalyst SD-WAN Manager, formerly called vManage, lets organizations oversee extensive networks and manage many devices from one location. Because it plays a key part in keeping connections running, flaws in it can lead to serious problems when updates are delayed.
Cisco reports active exploitation of two flaws, labeled CVE-2026-20122 and CVE-2026-20128.
The higher-risk of the two lets anyone with basic API access overwrite critical files; the other leaks confidential information to insiders who already have login rights. They differ in impact, but both demand attention because of the ongoing attacks, and access restrictions alone do not fully block either one.
Cisco confirmed that the flaws affect the software regardless of how devices are set up, leaving any system without updates at risk. There is no current evidence of exploitation for the additional bugs listed, but moving to fixed releases is still advised because it limits exposure.
Despite earlier assurances, Cisco now admits that CVE-2026-20127 has been actively exploited since 2023. The flaw is complex, but it lets experienced attackers bypass authentication on network controllers. That unauthorized access is then used to insert untrusted devices into protected systems.
What was once theoretical is now observed in real attacks.
Because they appear trustworthy at first glance, these unauthorized devices let intruders spread across systems, gain higher access levels, and stay hidden for long periods. The growing complexity and frequency of such attacks now worry security experts worldwide.
Authorities including the Cybersecurity and Infrastructure Security Agency (CISA) have responded by issuing directives requiring organizations, particularly federal agencies, to identify affected systems, collect forensic data, apply patches, and investigate potential compromises linked to these vulnerabilities.
Cisco also revealed two additional high-risk vulnerabilities in its Secure Firewall Management Center, CVE-2026-20079 and CVE-2026-20131. One allows login to be bypassed and the other enables remote command execution. If exploited, they could give attackers root privileges on compromised devices and let them run malicious scripts remotely, with no credentials needed.
Such access is rare, but it opens deep control paths across networks.
With flaws this serious, acting fast matters most. Those running Cisco's network control systems should update quickly and check logs closely. Because exploitation is already under way, delays increase exposure, and watching traffic patterns might reveal breaches that have gone unnoticed until now.
As digital threats keep changing, events such as these underline why staying ahead of weaknesses and reacting quickly to warnings matter. A slow reaction can widen risk, while early action reduces harm before it spreads.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents