Skip to content
Threat Feed
Subscribe

Tag

Cisco

33 briefs RSS
high advisory

Cisco Privileged Account Creation Followed by HTTP Command Execution

Attackers create privileged accounts on Cisco IOS devices and then execute commands remotely via HTTP to gain privileged access.

IOS +1 cisco network privilege escalation command execution
1r 3t
critical advisory

Cisco Secure Workload Unauthorized API Access Vulnerability

Cisco Secure Workload versions 3.9 and prior, versions prior to 3.10.8.3, and versions prior to 4.0.3.17 are vulnerable to unauthorized API access, requiring an urgent update.

Secure Workload cisco vulnerability api
1r
medium advisory

Cisco ThousandEyes Enterprise Agent BrowserBot Command Injection Vulnerability

CVE-2026-20206 describes a command injection vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent where an authenticated remote attacker with transaction test management privileges could execute arbitrary commands within the BrowserBot container as the node user.

ThousandEyes Enterprise Agent +1 command-injection cve cisco
2r 1t
medium threat

Cisco ThousandEyes Virtual Appliance Authenticated Remote Code Execution Vulnerability

CVE-2026-20199 - A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user.

ThousandEyes Virtual Appliance cve-2026-20199 rce cisco thousandeyes ssl
2r 1t
medium advisory

Cisco Nexus 3000 and 9000 Series Switches BGP Denial of Service Vulnerability

CVE-2026-20171 describes a vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 and 9000 Series Switches that could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial-of-service (DoS) condition.

Nexus 3000 Series Switches +1 bgp dos cisco network
2r 1t
critical advisory

Cisco Catalyst SD-WAN Controller Vulnerability Allows Privilege Escalation

A remote, anonymous attacker can exploit a vulnerability in the Cisco Catalyst SD-WAN Controller to gain administrator rights and manipulate the network configuration.

Catalyst SD-WAN Controller privilege-escalation network cisco
2r 1t
critical advisory

Cisco Catalyst SD-WAN Manager Multiple Vulnerabilities

Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager could allow a remote attacker to gain access to sensitive information, elevate privileges, or gain unauthorized access to the application.

Catalyst SD-WAN Manager cisco sdwan vulnerability privilege-escalation initial-access
2r 2t
critical advisory

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

A vulnerability in the peering authentication of Cisco Catalyst SD-WAN Controller and Manager (CVE-2026-20182) could allow a remote, unauthenticated attacker to bypass authentication and obtain administrative privileges by sending crafted requests.

Catalyst SD-WAN Controller +1 authentication bypass privilege escalation cisco sd-wan
2r 2t
medium advisory

Cisco Crosswork Network Controller and Network Services Orchestrator Connection Exhaustion Denial of Service

An unauthenticated remote attacker can cause a denial-of-service condition on Cisco Crosswork Network Controller and Network Services Orchestrator by exhausting connection resources via a high volume of connection requests.

Crosswork Network Controller +1 denial-of-service cisco network
2r 1t
critical threat

Cisco Unity Connection Multiple Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection allow an attacker to execute arbitrary code with administrator privileges or perform Server-Side Request Forgery (SSRF) attacks.

Unity Connection cisco vulnerability privilege-escalation execution ssrf
2r 2t
high advisory

Cisco Releases Security Advisories for Multiple Products

Cisco released security advisories on May 6, 2026, addressing vulnerabilities including remote code execution, server-side request forgery, and denial of service in Crosswork Network Controller, IoT Field Network Director, Network Services Orchestrator, SG350/SG350X Managed Switches, and Unity Connection.

Crosswork Network Controller +5 cisco vulnerability denial-of-service remote-code-execution server-side-request-forgery
3r 3t
high advisory

Cisco Unity Connection Remote Code Execution and Server-Side Request Forgery Vulnerabilities

Multiple vulnerabilities in Cisco Unity Connection could allow a remote attacker to execute arbitrary code or conduct server-side request forgery (SSRF) attacks.

Unity Connection cisco rce ssrf vulnerability
2r 1t
medium advisory

Cisco Slido Insecure Direct Object Reference Vulnerability

An insecure direct object reference in Cisco Slido's REST API could have allowed an authenticated remote attacker to access social profile data or affect quiz/poll results.

Slido idor cisco credential-access
2r 1t
medium advisory

Cisco Prime Infrastructure Information Disclosure Vulnerability

Cisco Prime Infrastructure is vulnerable to an information disclosure vulnerability, allowing authenticated remote attackers to download arbitrary log files due to insufficient authorization checks.

Prime Infrastructure information-disclosure vulnerability cisco
2r 3t
high advisory

Cisco IoT Field Network Director Multiple Vulnerabilities

Multiple vulnerabilities in Cisco IoT Field Network Director Software could allow an authenticated, remote attacker to access files, execute commands, and cause denial-of-service (DoS) conditions on managed routers.

IoT Field Network Director Software cisco iot vulnerability dos command-execution file-access
3r 4t
medium advisory

Cisco Identity Services Engine Authentication Bypass Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow a remote attacker to bypass authorization mechanisms or examine error messages to gain access to sensitive information.

Identity Services Engine cisco authentication-bypass vulnerability
2r 1t
medium advisory

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Multiple stored cross-site scripting (XSS) vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to inject malicious code into specific pages of the interface, leading to arbitrary script execution or sensitive information access.

Identity Services Engine xss cisco web-application
2r 1t 2c
critical advisory

Multiple Vulnerabilities in Cisco Products Allow for Remote Code Execution

Multiple vulnerabilities in Cisco ASA, Secure Firewall Threat Defense, IOS, IOS XE, and IOS XR allow a remote attacker to bypass authentication and execute arbitrary code with administrator privileges.

ASA +4 cisco vulnerability rce authentication-bypass
2r 4t 3c
critical threat

UAT-4356 FIRESTARTER Backdoor Targeting Cisco Firepower Devices

UAT-4356 is actively targeting Cisco Firepower devices running FXOS, exploiting CVE-2025-20333 and CVE-2025-20362 to deploy the FIRESTARTER backdoor which allows remote access and control by injecting malicious shellcode into the LINA process.

Firepower eXtensible Operating System +2 UAT-4356 firestarter cisco backdoor network espionage
2r 2t 2c 2i
medium advisory

Cisco Integrated Management Controller (IMC) Multiple XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow a remote attacker to conduct an XSS attack against a user of the interface.

Integrated Management Controller xss cisco cimc vulnerability
2r 1t 5c
medium advisory

Cisco Catalyst SD-WAN Manager Password Disclosure Vulnerability (CVE-2026-20128)

Cisco Catalyst SD-WAN Manager stores passwords in a recoverable format, allowing an authenticated local attacker to gain DCA user privileges by accessing a credential file.

Catalyst SD-WAN Manager cve-2026-20128 credential-access sd-wan cisco
2r 1t 1c
critical advisory

Cisco Catalyst SD-WAN Manager Multiple Vulnerabilities

Multiple vulnerabilities in Cisco Catalyst SD-WAN Manager allow a remote, anonymous, or local attacker to gain administrator privileges, bypass authentication, execute commands with Netadmin rights, read sensitive system information, and overwrite arbitrary files.

cisco sdwan vulnerability privilege-escalation
2r 4t
critical advisory

Critical Certificate Validation Vulnerability in CISCO Webex Allows User Impersonation

A critical improper certificate validation vulnerability in CISCO Webex versions 39.6 - 45.4 (CVE-2026-20184) allows a remote, unprivileged attacker to impersonate users, gain unauthorized access, and join meetings without authorization, potentially impacting confidentiality, integrity, and availability.

cisco webex sso certificate-validation user-impersonation cve-2026-20184 cloud
2r 3t 1c
high advisory

Multiple Vulnerabilities in Cisco Unity Connection

Multiple vulnerabilities in Cisco Unity Connection can be exploited by an attacker to conduct cross-site scripting attacks, redirect users to malicious websites, manipulate data, and disclose confidential information.

cisco unity-connection vulnerability xss data-manipulation
2r 1t
critical advisory

Critical Authentication Bypass Vulnerability in Cisco Integrated Management Controller (CVE-2026-20093)

An unauthenticated remote attacker can exploit CVE-2026-20093 to bypass authentication in Cisco Integrated Management Controller (IMC), gain full administrative access, and manipulate hardware settings, potentially disrupting critical infrastructure.

authentication bypass cisco imc cve-2026-20093
3r 3t 1c
critical advisory

Cisco Smart Software Manager On-Prem RCE via Exposed API (CVE-2026-20160)

CVE-2026-20160 is a critical vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) that allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges by sending a crafted request to an exposed API.

cve-2026-20160 cisco ssm-on-prem rce webserver
2r 1t 1c
critical advisory

Critical RCE Vulnerability in Cisco Catalyst SD-WAN Controller

A critical remote code execution vulnerability exists in Cisco Catalyst SD-WAN Controllers (CVE-2026-20127) due to improper authentication, allowing unauthenticated remote attackers to bypass authentication and gain administrative privileges, potentially leading to network configuration manipulation.

cisco sd-wan rce vulnerability
2r 2t
high advisory

Cisco Catalyst SD-WAN Manager Information Disclosure Vulnerability (CVE-2026-20133)

Cisco Catalyst SD-WAN Manager contains an information disclosure vulnerability (CVE-2026-20133) that could allow remote attackers to view sensitive information on affected systems, requiring immediate patching or mitigation.

Catalyst SD-WAN Manager cve vulnerability cisco sd-wan
2r 1t 1c
high threat

Detection of Suspicious Cisco Configuration Changes via Archive Logging

This analytic detects suspicious configuration changes on Cisco devices by analyzing archive logs for activities such as backdoor account creation, SNMP community string modifications, and TFTP server configurations, potentially indicating attacker presence and lateral movement.

IOS +3 Static Tundra cisco network-security configuration-change
3r 2t 1c
high advisory

Cisco Secure Endpoint Tampering via SFC Utility

The sfc.exe utility is being used with the '-unblock' parameter, a feature within Cisco Secure Endpoint, to remove system blocks imposed by the endpoint protection, potentially indicating an attempt to bypass security measures and execute blocked malicious payloads.

Secure Endpoint +3 defense-evasion endpoint cisco
2r
high advisory

Cisco Secure Endpoint Tampering via SFC Utility

An attacker attempts to disable the Immunet Protect service of Cisco Secure Endpoint by leveraging the `sfc.exe` utility with the `-k` parameter, potentially blinding the EDR for further compromise.

Secure Endpoint +1 defense-evasion endpoint cisco
2r 1t
medium advisory

Cisco ASA Logging Filters Configuration Tampering

Tampering with logging filter configurations on Cisco ASA devices can allow attackers to evade detection by reducing logging levels or disabling specific log categories.

ASA +3 cisco logging evasion
2r 1t
high advisory

Cisco ASA Logging Disabled via CLI

Detection of disabled logging functionality on a Cisco ASA device via CLI commands, indicating potential defense evasion by adversaries.

Adaptive Security Appliance defense-evasion cisco asa
2r