Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
Briefly

"CVE-2026-20122 (CVSS score: 7.1) - An arbitrary file overwrite vulnerability that could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. Successful exploitation requires the attacker to have valid read-only credentials with API access on the affected system."
"CVE-2026-20128 (CVSS score: 5.5) - An information disclosure vulnerability that could allow an authenticated, local attacker to gain Data Collection Agent (DCA) user privileges on an affected system. Successful exploitation requires the attacker to have valid vManage credentials on the affected system."
"In March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only. Users are recommended to update to a fixed software release as soon as possible, and take steps to limit access from unsecured networks, secure the appliances behind a firewall."
Cisco disclosed two vulnerabilities in Catalyst SD-WAN Manager under active exploitation. CVE-2026-20122 (CVSS 7.1) permits authenticated remote attackers with read-only API credentials to overwrite arbitrary files. CVE-2026-20128 (CVSS 5.5) allows authenticated local attackers to gain Data Collection Agent privileges. Cisco released patches in March 2026 across multiple software versions, with fixes available in versions 20.9.8.2 through 20.18.2.1. Users must update immediately and implement security measures including firewall protection, disabling HTTP access, and restricting network access to mitigate exploitation risks.
Read at The Hacker News