
"The most severe flaw is CVE-2026-20129, an authentication bypass with a CVSS score of 9.8. An unauthenticated remote attacker can send a crafted API request to gain access with netadmin role privileges, no valid credentials required. Versions 20.18 and later are not affected by this particular CVE."
"This month, Cisco PSIRT confirmed active exploitation of two of the five flaws. These are CVE-2026-20128 and CVE-2026-20122. The other three CVEs in this advisory have not been observed in active campaigns. All five were discovered during internal security testing by Arthur Vidineyev of Cisco's Advanced Security Initiatives Group."
"The flaws range in severity from medium to critical, collectively allowing attackers to bypass authentication, escalate privileges to root, access sensitive information, and overwrite arbitrary files. All versions are affected regardless of device configuration."
Cisco disclosed five vulnerabilities in Catalyst SD-WAN Manager affecting all versions regardless of configuration. Two vulnerabilities are actively exploited in the wild: CVE-2026-20128 and CVE-2026-20122. The most critical flaw, CVE-2026-20129 with CVSS 9.8, allows unauthenticated remote attackers to bypass authentication and gain netadmin role privileges through crafted API requests. Additional vulnerabilities enable privilege escalation to root, unauthorized file access, arbitrary file overwriting, and credential exposure. All flaws were discovered during internal security testing. Cisco strongly urges immediate upgrade to fixed software releases, as no workarounds exist beyond patching.
#cisco-catalyst-sd-wan-manager #authentication-bypass #active-exploitation #privilege-escalation #security-vulnerabilities
Read at Techzine Global