Tag
Multiple Vulnerabilities in Cisco Products Allow for Remote Code Execution
2 rules 4 TTPs 3 CVEs
Multiple vulnerabilities in Cisco ASA, Secure Firewall Threat Defense, IOS, IOS XE, and IOS XR allow a remote attacker to bypass authentication and execute arbitrary code with administrator privileges.
UAT-4356 FIRESTARTER Backdoor Targeting Cisco Firepower Devices
2 rules 2 TTPs 2 CVEs 2 IOCs
UAT-4356 is actively targeting Cisco Firepower devices running FXOS, exploiting CVE-2025-20333 and CVE-2025-20362 to deploy the FIRESTARTER backdoor, which allows remote access and control by injecting malicious shellcode into the LINA process.
Cisco Integrated Management Controller (IMC) Multiple XSS Vulnerabilities
2 rules 1 TTP 5 CVEs
Multiple cross-site scripting (XSS) vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct an XSS attack against a user of the interface.
Cisco Catalyst SD-WAN Manager Password Disclosure Vulnerability (CVE-2026-20128)
2 rules 1 TTP 1 CVE
Cisco Catalyst SD-WAN Manager stores passwords in a recoverable format, allowing an authenticated local attacker to gain DCA user privileges by accessing a credential file.
Cisco Catalyst SD-WAN Manager Multiple Vulnerabilities
2 rules 4 TTPs
Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager allow a remote, anonymous, or local attacker to gain administrator privileges, bypass authentication, execute commands with Netadmin rights, read sensitive system information, and overwrite arbitrary files.
Critical Certificate Validation Vulnerability in Cisco Webex Allows User Impersonation
2 rules 3 TTPs 1 CVE
A critical improper certificate validation vulnerability in Cisco Webex versions 39.6 - 45.4 (CVE-2026-20184) allows a remote, unprivileged attacker to impersonate users, gain unauthorized access, and join meetings without authorization, potentially impacting confidentiality, integrity, and availability.
Multiple Vulnerabilities in Cisco Unity Connection
2 rules 1 TTP
Multiple vulnerabilities in Cisco Unity Connection can be exploited by an attacker to conduct cross-site scripting attacks, redirect users to malicious websites, manipulate data, and disclose confidential information.
Critical Authentication Bypass Vulnerability in Cisco Integrated Management Controller (CVE-2026-20093)
3 rules 3 TTPs 1 CVE
An unauthenticated remote attacker can exploit CVE-2026-20093 to bypass authentication in Cisco Integrated Management Controller (IMC), gain full administrative access, and manipulate hardware settings, potentially disrupting critical infrastructure.
Cisco Smart Software Manager On-Prem RCE via Exposed API (CVE-2026-20160)
2 rules 1 TTP 1 CVE
CVE-2026-20160 is a critical vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) that allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges by sending a crafted request to an exposed API.
Critical RCE Vulnerability in Cisco Catalyst SD-WAN Controller
2 rules 2 TTPs 4 IOCs
A critical remote code execution vulnerability exists in Cisco Catalyst SD-WAN Controllers (CVE-2026-20127) due to improper authentication, allowing unauthenticated remote attackers to bypass authentication and gain administrative privileges, potentially leading to network configuration manipulation.
Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability (CVE-2026-20133)
2 rules 1 TTP 1 CVE
Cisco Catalyst SD-WAN Manager contains an information disclosure vulnerability (CVE-2026-20133) that could allow remote attackers to view sensitive information on affected systems, requiring immediate patching or mitigation.