Cisco has announced that two vulnerabilities in its Catalyst SD-WAN Manager are currently being exploited in the wild. These vulnerabilities, identified as CVE-2026-20122 and CVE-2026-20128, pose significant security risks if left unaddressed.
Details of the Vulnerabilities
The first vulnerability, CVE-2026-20122, carries a CVSS score of 7.1 and involves an arbitrary file overwrite issue. This could potentially enable a remote attacker with valid read-only credentials to overwrite files on the local system. The second vulnerability, CVE-2026-20128, which has a CVSS score of 5.5, could allow an authenticated local attacker to acquire Data Collection Agent user privileges. Both vulnerabilities require the attacker to have specific credentials to exploit successfully.
Patch Releases and Recommendations
To counteract these security threats, Cisco has released patches for the affected software versions. Users are urged to migrate to secure versions as follows: Version 20.9 to 20.9.8.2, Version 20.11 to 20.12.6.1, Version 20.12 to both 20.12.5.3 and 20.12.6.1, and versions 20.13, 20.14, and 20.15 to 20.15.4.2. Meanwhile, versions 20.16 and 20.18 should be updated to 20.18.2.1.
Cisco advises users to apply these patches promptly. Additional security measures include restricting access from unsecured networks, placing appliances behind a firewall, disabling unnecessary network services, and changing default passwords. Continuous monitoring of network logs for unusual activity is also recommended.
Ongoing Security Challenges
This announcement follows a recent disclosure by Cisco regarding a critical flaw in both the Catalyst SD-WAN Controller and Manager, which received a maximum CVSS score of 10.0. This flaw was exploited by a sophisticated cyber adversary, UAT-8616, to infiltrate high-value organizations. Further, Cisco has addressed severe vulnerabilities in its Secure Firewall Management Center, which could allow attackers to bypass authentication.
The escalation in exploitation activities highlights the importance of maintaining updated security systems and being vigilant against potential threats. As cyber threats become increasingly sophisticated, organizations are encouraged to adopt comprehensive security strategies to safeguard their digital infrastructure.
