Cisco Fixes Critical Flaws in Enterprise Network Equipment

Post Views: 8

Cisco Patches Multiple High-Severity Vulnerabilities Across Its Enterprise Portfolio

In a recent update, Cisco has released patches for several high-severity vulnerabilities affecting its enterprise-grade products.

Multiple Critical Weaknesses Resolved

Among the issues addressed are five critical weaknesses that could potentially enable remote attackers to gain unauthorized access to sensitive systems or disrupt service delivery.

CVE-2026-20034 and CVE-2026-20035: Insufficient validation of user-supplied input and specific HTTP requests in Cisco Unity Connection enable attackers to execute arbitrary code as root or send network requests sourced from the affected device.
CVE-2026-20185: A high-severity defect in the Simple Network Management Protocol (SNMP) subsystem of SG350 and SG350X switches could be exploited to cause a denial-of-service (DoS) condition by improperly handling error responses during the parsing of data for a specific SNMP request.
CVE-2026-20188: Inadequate rate limiting on incoming network connections in the Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO) permits a remote, unauthenticated attacker to send a large number of connection requests to a vulnerable system and exhaust resources.
CVE-2026-20167: Improper error handling in the web interface of IoT Field Network Director allows attackers to submit crafted input and cause the router to reload, leading to a DoS condition.

Cisco has resolved all five critical weaknesses, and none have been observed in the wild.

According to Cisco, none of the patched vulnerabilities have been observed in the wild. For more information, users can consult the company’s security advisories page.

Medium-Security Bugs Addressed

Beyond these high-severity vulnerabilities, Cisco also addressed seven medium-severity bugs across various products, including IoT Field Network Director, Slido, Prime Infrastructure, Identity Services Engine (ISE), and Enterprise Chat and (ECE).

IoT Field Network Director: File reads, command execution, information disclosure, and arbitrary log file manipulation vulnerabilities were patched.
Slido: Medium-severity bugs were fixed, but no further details were provided.
Prime Infrastructure: Medium-severity bugs were patched, but no further details were provided.
Identity Services Engine (ISE): Medium-security bugs were addressed, but no additional information was provided.
Enterprise Chat and (ECE): Medium-security bugs were fixed, but no further details were available.

Cisco recommends that customers review their security configurations and apply the necessary patches to protect against these vulnerabilities.