WHAT ARE YOU LOOKING FOR?

Popular Tags

Raleigh, NC

32°F
Overcast Clouds Humidity: 67%
Wind: 4.04 M/S

Cisco Reports Active Exploitation of Two Vulnerabilities in Catalyst SD‑WAN Manager

Security Hits: 106
Cisco Reports Active Exploitation of Two Vulnerabilities in Catalyst SD‑WAN Manager

Cisco has revealed that two additional vulnerabilities in its Catalyst SD‑WAN Manager platform (formerly known as SD‑WAN vManage) are now being actively exploited in real‑world attacks. 

The flaws currently under active exploitation are:

  • CVE‑2026‑20122 (CVSS 7.1): An arbitrary file‑overwrite issue that allows a remote, authenticated attacker with read‑only API credentials to overwrite files on the system’s local filesystem.
  • CVE‑2026‑20128 (CVSS 5.5): An information‑disclosure vulnerability enabling an authenticated local user with valid vManage credentials to obtain Data Collection Agent (DCA) privileges. 

Cisco previously issued patches late last month to address these two vulnerabilities, along with CVE‑2026‑20126, CVE‑2026‑20129, and CVE‑2026‑20133. The fixes are available in the following versions:

  • Before 20.9.1: Migrate to a fixed release
  • 20.9: Fixed in 20.9.8.2
  • 20.11: Fixed in 20.12.6.1
  • 20.12: Fixed in 20.12.5.3 and 20.12.6.1
  • 20.13 / 20.14 / 20.15: Fixed in 20.15.4.2
  • 20.16 / 20.18: Fixed in 20.18.2.1 

According to Cisco, its Product Security Incident Response Team (PSIRT) first detected active exploitation of CVE‑2026‑20128 and CVE‑2026‑20122 in March 2026. The company declined to comment on the scale of the attacks or the identities of the threat actors involved. 

Given the active exploitation, Cisco advises all customers to update to a fixed software release immediately. Additional recommendations include:

  • Restricting access from untrusted networks
  • Placing the SD‑WAN Manager behind a firewall
  • Disabling HTTP access to the web‑based admin portal
  • Turning off unnecessary services such as HTTP and FTP
  • Changing default admin passwords
  • Monitoring logs for unexpected inbound or outbound traffic 

This disclosure follows a recent warning from Cisco about a separate critical vulnerability CVE‑2026‑20127 (CVSS 10.0) affecting both Catalyst SD‑WAN Controller and Catalyst SD‑WAN Manager. That flaw has been exploited by a highly advanced threat actor known as UAT‑8616 to gain persistence within high‑value networks. 

In addition, Cisco has released patches this week for two maximum‑severity vulnerabilities in Secure Firewall Management Center CVE‑2026‑20079 and CVE‑2026‑20131—that could let unauthenticated remote attackers bypass authentication and execute arbitrary Java code as root.

Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post. 

Image
Back To Top

Cybersecurity Insight delivers timely updates on global cybersecurity developments, including recent system breaches, cyber-attacks, advancements in artificial intelligence (AI), and emerging technology innovations. Our goal is to keep viewers well-informed about the latest trends in technology and system security, and how these changes impact our lives and the broader ecosystem

Please fill the required field.