In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw
The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments.
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant
Researchers believe rogue peering was used to connect to the victim's SD-WAN devices to gain admin privileges and root-level access.
Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME)
Cisco addressed CVE-2026-20181, a critical ISE vulnerability that lets authenticated admins execute commands and gain root access. Cisco addressed a critical command execution vulnerability, tracked as CVE-2026-20181 (CVSS score of 9.1), affecting Identity Services Engine (ISE) and ISE-PIC. The flaw stems from improper validation of user-supplied input, allowing an authenticated attacker with administrative credentials to […]
Second Catalyst SD-WAN Manager flaw exploited as an 0-day this month
Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. [...]
Cisco warns of CVE-2026-20245 in SD-WAN Manager, a flaw that can lead to root access via file upload command injection; no patch or workaround yet. Cisco warns of a privilege escalation flaw, tracked as CVE-2026-20245 (CVSS base score of 7.8), in Cisco Catalyst SD-WAN Manager, the platform formerly known as SD-WAN vManage. An authenticated local […]
On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. [...]
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root
Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...]
Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software
Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software. [...]
A rare joint alert from all five spy agencies means serious business The Five Eyes intelligence alliance is urgently warning defenders to patch two Cisco Catalyst SD-WAN vulnerabilities used in attacks.…
Vendor Ships Emergency Fixes, Warning Flaw Facilitates Full System CompromiseAttackers are targeting a zero-day vulnerability in Cisco's Unified Communications and Webex products that facilitates remote code execution and root-level access to the underlying operating system, risking full system compromise. Cisco has released patches, warning that no workarounds exist.
Cisco has released security updates to patch a critical vulnerability in the Unified Contact Center Express (UCCX) software, which could enable attackers to execute commands with root privileges. [...]
The latest in a run of serious networking bugs gives attackers root if they have SNMP access Cisco has confirmed a new IOS and IOS XE zero-day, the latest in a string of flaws that attackers have been quick to weaponize.…
Shadowserver claims miscreants were already poking at a critical hole in early July, long before Switchzilla patched it Threat actors have actively exploited a newly patched vulnerability in Cisco's Identity Services Engine (ISE) software since early July, weeks before the networking giant got around to issuing a fix.…
Cisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to acknowledge active exploitation
Three perfect 10s in the last month - ISE, ISE, baby Cisco has issued a patch for a critical 10 out of 10 severity bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow an unauthenticated, remote attacker to run arbitrary code on the operating system with root-level privileges. …