
"Two high-severity issues, tracked as CVE-2026-20034 and CVE-2026-20035, which could lead to server-side request forgery (SSRF) attacks, were resolved in Cisco Unity Connection. Rooted in the insufficient validation of user-supplied input and specific HTTP requests, the flaws could be exploited by remote, authenticated attackers to execute arbitrary code as root or send network requests sourced from the affected device."
"Cisco addressed a high-severity defect (CVE-2026-20185) in the Simple Network Management Protocol (SNMP) subsystem of SG350 and SG350X switches that could be exploited to cause a denial-of-service (DoS) condition. Improper error handling during the parsing of response data for a specific SNMP request could allow attackers to reload the device."
"The Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO) were found vulnerable to a high-severity DoS vulnerability tracked as CVE-2026-20188. According to Cisco, the issue exists because rate-limiting on incoming network connections was not properly implemented, allowing a remote, unauthenticated attacker to send a large number of connection requests to a vulnerable system and exhaust resources."
Cisco announced security patches addressing five high-severity vulnerabilities in multiple enterprise products. Two SSRF vulnerabilities in Cisco Unity Connection (CVE-2026-20034 and CVE-2026-20035) stem from insufficient validation of user-supplied input and specific HTTP requests, allowing remote, authenticated attackers to execute arbitrary code as root or send network requests sourced from the affected device. A DoS vulnerability in the SNMP subsystem of SG350/SG350X switches (CVE-2026-20185) is caused by improper error handling while parsing response data for a specific SNMP request, and lets attackers reload the device. Crosswork Network Controller and NSO are affected by a DoS vulnerability (CVE-2026-20188): rate-limiting on incoming network connections was not properly implemented, so a remote, unauthenticated attacker can exhaust resources by sending a large number of connection requests. IoT Field Network Director's web interface contains an improper error handling flaw (CVE-2026-20167) that allows crafted input to trigger device reloads.
#cisco-security-patches #high-severity-vulnerabilities #ssrf-attacks #denial-of-service #enterprise-network-security
Read at SecurityWeek