
Cisco has disclosed a high-severity vulnerability in Catalyst Center that could let an unauthenticated remote attacker read arbitrary files from a restricted container. Fixes are available, and Cisco says no workaround addresses the issue.
Tag archive

Cisco has disclosed a high-severity vulnerability in Catalyst Center that could let an unauthenticated remote attacker read arbitrary files from a restricted container. Fixes are available, and Cisco says no workaround addresses the issue.

Cisco has released updates for multiple ClamAV vulnerabilities affecting Cisco products. The issues could let a remote attacker trigger denial-of-service conditions that interrupt malware scanning operations, with higher impact noted on Windows-based platforms.

Cisco has disclosed a critical server-side request forgery vulnerability in Unified CM and Unified CM SME that could let a remote unauthenticated attacker write files to the underlying OS when WebDialer is enabled.

Cisco has disclosed a medium-severity remote file inclusion vulnerability in Cisco Finesse that could let an unauthenticated attacker load remote content into an active user session and enable browser-based attacks.

Cisco has issued an advance notification that security advisories and fixed software releases for Catalyst Center and Secure Endpoint Connectors will be published on July 1, 2026. Organizations using these products should prepare to review and apply the upcoming fixes promptly.

Cisco has disclosed multiple medium-severity cross-site scripting vulnerabilities in Packaged CCE and Unified CCE. The flaws affect the web-based management interface and require valid administrative credentials to exploit.

Cisco has addressed a medium-severity open redirect vulnerability in the browser-based Webex App that could have sent users to malicious webpages after clicking a crafted link.

Cisco has disclosed a medium-severity server-side template injection vulnerability in Cisco Crosswork Network Controller that could let an authenticated remote attacker with template write permissions execute arbitrary commands in limited areas of the underlying operating system.

Cisco has patched a medium-severity privilege escalation vulnerability in Umbrella Virtual Appliance that could allow an authenticated local attacker with vmadmin access to gain root privileges.

Cisco has disclosed a critical authentication bypass vulnerability in Catalyst SD-WAN controllers that could let a remote unauthenticated attacker gain high-privileged access and manipulate SD-WAN fabric configuration.

Cisco has disclosed a critical authentication bypass in Catalyst SD-WAN Controller components that could let a remote unauthenticated attacker gain high-privileged access and manipulate SD-WAN fabric configuration.

Cisco has released fixes for a medium-severity vulnerability in Cisco Catalyst SD-WAN Manager that could let an authenticated remote attacker create or overwrite files through the web UI upload process.

Cisco has disclosed a high-severity authenticated privilege escalation vulnerability in Catalyst SD-WAN Controller, Manager, and Validator that can allow arbitrary command execution as root under specific conditions.

Cisco has disclosed a high-severity privilege escalation flaw in Cisco Catalyst SD-WAN Manager that could let an authenticated local attacker with netadmin privileges execute commands as root. Organizations should preserve logs, collect admin-tech files, upgrade to fixed software, and verify edge device configurations.

Cisco's 2025 IKEv2 advisories are a reminder that denial-of-service on edge devices can still become a serious security and business event. This alert covers availability risk, tunnel hubs, and validation after patching.

Cisco's 2025 WebVPN advisories matter because remote access portals sit directly on the edge. This alert covers exposed VPN paths, log retention, and the right post-fix validation for internet-facing firewalls.

Cisco warned that CVE-2025-20160 could affect the trust path for administrator authentication. This alert explains why AAA infrastructure should move fast and what to review beyond a simple version upgrade.

Cisco's April 2025 ISE bulletin grouped several severe flaws around a high-trust identity platform. This alert explains why exposed policy servers deserve fast patching, evidence preservation, and post-fix validation.

Cisco disclosed CVE-2026-20182 as a critical SD-WAN controller authentication bypass with limited exploitation already observed. This guide focuses on exposure, admin-tech collection, upgrade planning, and fabric-risk containment.

A professional guide to Cisco ASA, covering its firewall architecture, VPN strengths, policy model, clustering, high availability, migration decisions, and modern security tradeoffs.