FILTERING BY: CLEAR FILTER

CISA KEV Update: Active Exploitation of Google Chrome, Arista EOS, and Cisco Systems

CISA has updated its Known Exploited Vulnerabilities (KEV) catalog to include critical flaws in Google Chrome, Arista EOS, and Cisco Systems, transitioning these vulnerabilities from theoretical risks to confirmed active exploitations. The Chrome vulnerabilities involve sandbox escapes—addressed in the Stable Channel 149 update—allowing attackers to gain host-level execution from the browser process. Simultaneously, critical flaws in Arista EOS and Cisco networking hardware provide vectors for network-wide interception, disruption, and lateral movement. Immediate remediation via vendor patches is mandatory for federal agencies and critical for enterprise environments to mitigate the risk of perimeter breach and internal escalation.

Cisco Unified Communications Manager: Critical SSRF-to-RCE Chain CVE-2026-20230

CVE-2026-20230 is a critical vulnerability in Cisco Unified Communications Manager (Unified CM) and Session Management Edition (SME) that enables unauthenticated remote attackers to achieve root-level system compromise. The attack chain exploits improper input validation in the WebDialer service to trigger a Server-Side Request Forgery (SSRF). By leveraging the file:// URI scheme, attackers can perform arbitrary file writes to the underlying operating system, allowing for the deployment of a rogue Apache Axis service and subsequent webshell installation. Active exploitation involving automated sweeps and Tor-based activity has been observed since late June 2026. Immediate patching to versions 14SU6 or 15SU5 is required, or the WebDialer service must be disabled.

Cisco Catalyst SD-WAN: Critical Privilege Escalation via CVE-2026-20245

A zero-day vulnerability, identified as CVE-2026-20245, has been exploited in the wild to achieve local privilege escalation (LPE) and arbitrary command execution on Cisco Catalyst SD-WAN Manager and SD-WAN appliances. Rated with a CVSS score of 7.8, the vulnerability requires authenticated local access to trigger the escalation to root-level privileges. Investigations by Mandiant indicate an active exploitation window of at least 60 days prior to disclosure, primarily targeting Communications Service Providers (CSPs). Successful exploitation grants attackers full control over the management plane, facilitating deep network visibility, traffic interception, and long-term persistence within critical telecommunications infrastructure.

Cisco Catalyst SD-WAN Manager Path Traversal Vulnerability CVE-2026-20262

CVE-2026-20262 is a path traversal vulnerability in the Web UI of Cisco Catalyst SD-WAN Manager that allows authenticated remote attackers to create or overwrite arbitrary files on the underlying Linux operating system. By utilizing directory traversal sequences (e.g., ../) in HTTP requests, attackers can achieve root privilege escalation, enabling full control over the SD-WAN orchestration layer. This vulnerability is currently weaponized and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Successful exploitation facilitates network-wide compromise, traffic redirection, and persistent backdoor installation via the modification of system binaries or startup scripts.

Cisco Catalyst SD-WAN Authentication Bypass Zero-Day

A critical authentication bypass vulnerability, tracked as CVE-2026-20182, has been identified in the peering authentication mechanism of the Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager. Exploited in the wild by the sophisticated threat actor UAT-8616, this flaw allows unauthenticated attackers to bypass security checks, facilitating unauthorized access to the SD-WAN infrastructure. The vulnerability carries a CVSS score of 10.0, posing a maximum risk of full control plane compromise, which could enable large-scale network traffic interception or redirection. Organizations are urged to apply official Cisco patches immediately to prevent targeted exploitation and potential network-wide lateral movement or data exfiltration.

Perimeter Collapse: The Erosion of Trust in Edge Gateway Architectures

The traditional "castle-and-moat" security model is undergoing a systemic collapse as edge gateways transition from defensive bastions to high-value primary targets. As recurring critical vulnerabilities in VPN and edge appliances expose the inherent fragility of network-centric trust, organizations must pivot toward identity-based Zero Trust Architectures to mitigate this growing architectural erosion.

Critical Root Privilege Escalation in Cisco Unified Communications Manager CVE-2026-20230

A critical Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2026-20230, exists in Cisco Unified Communications Manager (CUCM). An unauthenticated remote attacker can leverage a specific URI endpoint to facilitate an SSRF attack, bypassing filesystem protections to achieve arbitrary file writes on the underlying system. By injecting malicious data into critical system files—such as configuration files, cron jobs, or system binaries—the attacker can execute a secondary stage of privilege escalation to gain full root-level access. This vulnerability represents a total loss of confidentiality, integrity, and availability, necessitating immediate remediation via Cisco-provided software patches to prevent complete system compromise.

Cisco Realigns Capital: 4,000 Job Cuts Amid Record Revenue to Fuel AI Infrastructure Pivot

Cisco is executing a massive strategic pivot, cutting approximately 4,000 jobs—roughly 5% of its workforce—to accelerate investment in AI infrastructure and hyperscaler-driven demand. Despite reporting a record-breaking quarterly revenue of $15.8 billion, the company is aggressively reallocating resources from legacy networking roles toward AI-optimized hardware and silicon. For CISOs, this transition signals a significant shift in the vendor landscape toward AI-driven software-defined networking (SDN), but it also introduces immediate operational risks, including potential lapses in security oversight and the critical need for managing orphaned accounts during large-scale workforce reductions.


LINK COPIED TO CLIPBOARD