{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/sg350-managed-switch/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Crosswork Network Controller (CNC)","IoT Field Network Director (FND)","Network Services Orchestrator (NSO)","SG350 Managed Switch","SG350X Managed Switch","Unity Connection"],"_cs_severities":["high"],"_cs_tags":["cisco","vulnerability","denial-of-service","remote-code-execution","server-side-request-forgery"],"_cs_type":"advisory","_cs_vendors":["Cisco"],"content_html":"\u003cp\u003eOn May 6, 2026, Cisco released multiple security advisories addressing vulnerabilities across several of their products. These advisories cover a range of issues, including remote code execution (RCE), server-side request forgery (SSRF), and denial-of-service (DoS) vulnerabilities. Affected products include Cisco Crosswork Network Controller (CNC) version 7.1 and prior, Cisco IoT Field Network Director (FND) version 4 and prior and versions prior to 5.0.0-117, Cisco Network Services Orchestrator (NSO) version 6.3 and prior and versions prior to 6.4.1.3, Cisco SG350 and SG350X Managed Switches (multiple versions and models), and Cisco Unity Connection versions prior to 12.5, 14SU5, and 15SU4. These vulnerabilities could allow attackers to disrupt services, gain unauthorized access, or execute arbitrary code. It is crucial for administrators to review and apply the necessary updates.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eSince the advisory covers multiple vulnerabilities across different products, a generalized attack chain cannot be provided. However, the following represents a plausible attack chain for a denial-of-service vulnerability in a network management platform, extrapolating from the advisories\u0026rsquo; scope:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Cisco Crosswork Network Controller or IoT Field Network Director instance.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a series of crafted network requests to the vulnerable server.\u003c/li\u003e\n\u003cli\u003eThe server improperly handles the requests, leading to excessive resource consumption.\u003c/li\u003e\n\u003cli\u003eThe server\u0026rsquo;s CPU, memory, or network bandwidth becomes saturated.\u003c/li\u003e\n\u003cli\u003eThe server becomes unresponsive to legitimate requests.\u003c/li\u003e\n\u003cli\u003eNetwork management operations are disrupted, impacting network stability.\u003c/li\u003e\n\u003cli\u003eAdministrators are unable to manage or monitor the network effectively.\u003c/li\u003e\n\u003cli\u003eThe denial-of-service condition persists until the malicious traffic is blocked or the server is restarted.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can lead to denial of service, remote code execution, and unauthorized access. A denial-of-service condition on network management platforms like Crosswork Network Controller or IoT Field Network Director can disrupt network operations, preventing administrators from managing and monitoring the network effectively. Remote code execution on Cisco Unity Connection could allow attackers to gain complete control over the affected system. Server-Side Request Forgery can lead to internal information disclosure. The specific number of affected organizations is unknown, but given the widespread use of Cisco products, the potential impact is significant.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReview the Cisco Security Advisories and identify the products in your environment that are affected. (Reference: Cisco Security Advisories Links)\u003c/li\u003e\n\u003cli\u003eApply the recommended updates to Cisco Unity Connection to mitigate the Remote Code Execution and Server-Side Request Forgery vulnerabilities. (Reference: Cisco Unity Connection Advisory)\u003c/li\u003e\n\u003cli\u003eApply the recommended updates to Cisco SG350 and SG350X Series Managed Switches to mitigate the SNMP Denial of Service Vulnerability. (Reference: Cisco SG350 and SG350X Series Managed Switches Advisory)\u003c/li\u003e\n\u003cli\u003eApply the recommended updates to Cisco Crosswork Network Controller and Cisco Network Services Orchestrator to mitigate the Connection Exhaustion Denial of Service Vulnerability. (Reference: Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory)\u003c/li\u003e\n\u003cli\u003eApply the recommended updates to Cisco IoT Field Network Director to mitigate the identified vulnerabilities. (Reference: Cisco IoT Field Network Director Advisory)\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-06T19:25:00Z","date_published":"2026-05-06T19:25:00Z","id":"/briefs/2026-05-cisco-multiple-vulns/","summary":"Cisco released security advisories on May 6, 2026, addressing vulnerabilities including remote code execution, server-side request forgery, and denial of service in Crosswork Network Controller, IoT Field Network Director, Network Services Orchestrator, SG350/SG350X Managed Switches, and Unity Connection.","title":"Cisco Releases Security Advisories for Multiple Products","url":"https://feed.craftedsignal.io/briefs/2026-05-cisco-multiple-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — SG350 Managed Switch","version":"https://jsonfeed.org/version/1.1"}