Cisco flags more SD-WAN flaws as actively exploited in attacks
Cisco reports that two security vulnerabilities in its Catalyst SD-WAN Manager software (CVE-2026-20128 and CVE-2026-20122), involving information disclosure and arbitrary file overwrite respectively, are being actively exploited. The vulnerabilities affect the management software regardless of device configuration. Cisco advises users to upgrade to the latest version to fix the issues.

2026-3-5 10:45:31 Author: www.bleepingcomputer.com

Cisco has flagged two additional Catalyst SD-WAN Manager security flaws as actively exploited in the wild, urging administrators to upgrade vulnerable devices.

Catalyst SD-WAN Manager (formerly vManage) is network management software that enables admins to monitor and manage up to 6,000 Catalyst SD-WAN devices from a single centralized dashboard.

"In March 2026, the Cisco PSIRT became aware of active exploitation of the vulnerabilities that are described in CVE-2026-20128 and CVE-2026-20122 only," the company warned in an update to a February 25 advisory.

"The vulnerabilities that are described in the other CVEs in this advisory are not known to have been compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities."

The high-severity arbitrary file overwrite vulnerability (CVE-2026-20122) can only be exploited by remote attackers with valid read-only credentials with API access, while the medium-severity information disclosure flaw (CVE-2026-20128) requires local attackers to have valid vmanage credentials on the targeted systems.

Cisco added that these vulnerabilities affect Catalyst SD-WAN Manager software, regardless of device configuration.

SD-WAN zero-days exploited since 2023

Last week, the company also disclosed that a critical authentication bypass vulnerability (CVE-2026-20127) has been exploited in zero-day attacks since at least 2023, enabling highly sophisticated threat actors to compromise controllers and add malicious rogue peers to targeted networks.

The rogue peers allow the attackers to insert legitimate-looking malicious devices, enabling them to move deeper into compromised networks.

After joint advisories by U.S. and U.K. authorities warning of the exploitation activity, CISA issued Emergency Directive 26-03 requiring federal agencies to inventory Cisco SD-WAN systems, collect forensic artifacts, ensure external log storage, apply updates, and investigate potential compromises tied to attacks targeting CVE-2026-20127 and an older flaw tracked as CVE-2022-20775.

More recently, on Wednesday, Cisco released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software.

These security flaws, an authentication bypass flaw (tracked as CVE-2026-20079) and a remote code execution (RCE) vulnerability (CVE-2026-20131), can be exploited remotely by unauthenticated attackers to gain root access to the underlying operating system and execute arbitrary Java code as root on unpatched devices, respectively.

Article source: https://www.bleepingcomputer.com/news/security/cisco-flags-more-sd-wan-flaws-as-actively-exploited-in-attacks/