These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-20262 is a vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage. The vulnerability allows an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This is possible due to improper validation of user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted [truncated]
CVE-2026-20223 is a critical authentication and access-validation flaw affecting Cisco Secure Workload’s internal REST APIs. According to the CVE record, an unauthenticated remote attacker who can reach a vulnerable endpoint may be able to access site resources as a Site Admin, including sensitive data exposure and configuration changes across tenant boundaries.
CVE-2026-20206 is a command-injection vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent. Cisco states that an authenticated, remote attacker with valid ThousandEyes SaaS credentials and permission to manage transaction tests could submit crafted input and potentially execute arbitrary commands inside the BrowserBot container as the node user. Cisco has already addressed the [truncated]
CVE-2026-20199 is a vulnerability in SSL certificate handling for Cisco ThousandEyes Virtual Appliance. The provided source states that insufficient validation of user-supplied input may allow an authenticated remote attacker with valid administrative credentials to upload a crafted certificate and execute arbitrary code on the underlying operating system as root. NVD lists the record as Awaiting Analysis [truncated]
CVE-2026-20171 is a Cisco-reported BGP denial-of-service issue affecting Nexus 3000 Series and Nexus 9000 Series Switches in standalone NX-OS mode. A remote attacker who can get a crafted BGP update delivered through an established peer session may cause incorrect parsing of a transitive BGP attribute, leading the device to drop the BGP session and flap with the forwarding peer. The practical impact is di [truncated]
CVE-2026-20182 is a Cisco Catalyst SD-WAN Controller authentication bypass vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2026-05-14. Because it is on the KEV list, defenders should treat it as a priority exposure and follow CISA’s ED-26-03 and Cisco SD-WAN hunt-and-hardening guidance without delay. CISA’s metadata also notes that, where mitigations are not available, orga [truncated]
CVE-2026-20133 is a Cisco Catalyst SD-WAN Manager vulnerability that CISA has added to its Known Exploited Vulnerabilities catalog. The supplied source material indicates the issue involves exposure of sensitive information to an unauthorized actor and directs defenders to Cisco and CISA mitigation guidance. Because CISA assigned a near-term remediation deadline, this should be treated as an urgent exposu [truncated]
CVE-2026-20128 is a Cisco Catalyst SD-WAN Manager vulnerability involving passwords stored in a recoverable format. CISA added it to the Known Exploited Vulnerabilities catalog on 2026-04-20 and set a remediation due date of 2026-04-23, so it should be treated as urgent. The supplied record does not include a CVSS score, so operational priority should be driven by the KEV listing and the potential exposur [truncated]
CVE-2026-20122 is a Cisco Catalyst SD-WAN Manager vulnerability described as an incorrect use of privileged APIs. CISA added it to the Known Exploited Vulnerabilities catalog on 2026-04-20 and set a remediation due date of 2026-04-23, which means defenders should treat it as urgent.
CVE-2026-20131 is a Cisco Secure Firewall Management Center (FMC) and Cisco Security Cloud Control (SCC) Firewall Management deserialization of untrusted data vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2026-03-19 and marked known ransomware campaign use, with a remediation due date of 2026-03-22. Treat this as an active exposure requiring immediate defensive review of a [truncated]
A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This vulnerability is due to insufficient [truncated]
CVE-2026-20127 is a Cisco Catalyst SD-WAN Controller and Manager authentication bypass vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2026-02-25. CISA set a remediation due date of 2026-02-27 and pointed defenders to Emergency Directive 26-03 and Cisco’s hunt-and-hardening guidance, so exposed environments should be treated as time-sensitive.
CVE-2022-20775 is a Cisco SD-WAN path traversal vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2026-02-25, with a mitigation due date of 2026-02-27. Because the supplied source corpus is limited to catalog and record metadata, this brief focuses on defensive prioritization: confirm whether any Cisco SD-WAN devices are exposed, follow Cisco’s official advisory and CISA’s Em [truncated]
CVE-2026-20045 is a Cisco Unified Communications Products code injection vulnerability affecting Cisco Unified Communications Manager and listed by CISA in the Known Exploited Vulnerabilities (KEV) catalog. Because it is already in KEV, this should be treated as a high-priority remediation item. The supplied corpus does not include CVSS data or deeper technical detail, so the safest response is to invento [truncated]
CVE-2025-20393 is a Cisco Multiple Products improper input validation vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-12-17. Because it is a KEV-listed issue, defenders should treat it as actively exploited or otherwise confirmed by CISA as requiring prompt remediation. The supplied corpus does not identify the exact affected Cisco products or versions, so exposure ass [truncated]
CVE-2025-20352 affects Cisco IOS and IOS XE software and is listed by CISA in the Known Exploited Vulnerabilities catalog. The supplied title identifies the issue as an SNMP vulnerability that can lead to denial of service or remote code execution, so exposed Cisco network devices should be treated as urgent remediation candidates.
CVE-2025-20362 is a Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) missing authorization vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-09-25, which indicates known exploitation and makes it an urgent remediation item. For U.S. federal agencies, the KEV due date is 2025-09-26, tied to Emergency Directive 25-03 and the a [truncated]
CVE-2025-20333 affects Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) and is described by CISA as a buffer overflow vulnerability. CISA added the issue to its Known Exploited Vulnerabilities catalog on 2025-09-25 and set a due date of 2025-09-26 for federal agencies to begin following the required mitigation guidance. Because the vulnerability is in KEV, d [truncated]
CVE-2025-20337 is a Cisco Identity Services Engine injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-07-28. The public record in this corpus does not include a CVSS score or deeper technical exploitation detail, so the strongest defensive signal is its KEV status and the required remediation deadline of 2025-08-18.
CVE-2025-20281 is a Cisco Identity Services Engine injection vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-07-28. Because it is a KEV-listed issue, affected Cisco ISE deployments should be treated as urgent remediation targets. The supplied corpus does not include a CVSS score or detailed impact analysis, so defensive action should be driven by Cisco guidance and exp [truncated]
CVE-2023-20032 appears in the 2025-04-07 CISA CSAF advisory for ABB M2M Gateway products, including ARM600 and ABB M2M Gateway SW. The source record describes a missing buffer size check that can lead to a heap buffer overflow write, and recommends reducing external exposure, using VPN/DMZ controls, allowlisting, credential hardening, and continuous monitoring. The supplied corpus also contains an importa [truncated]
CVE-2024-20439 is a Cisco Smart Licensing Utility static credential vulnerability that CISA added to the Known Exploited Vulnerabilities catalog. Because it is a KEV-listed issue, defenders should treat it as urgent and follow Cisco’s mitigation guidance or discontinue use if mitigation is not available.
CVE-2023-20118 is a Cisco Small Business RV Series Routers command injection vulnerability that CISA added to its Known Exploited Vulnerabilities (KEV) catalog on 2025-03-03. KEV inclusion means CISA has confirmed known exploitation and set a remediation due date of 2025-03-24. The supplied source metadata does not provide a CVSS score, so prioritization here is driven by KEV status and the affected produ [truncated]
CVE-2014-2120 is a Cisco Adaptive Security Appliance (ASA) cross-site scripting (XSS) vulnerability that CISA lists in the Known Exploited Vulnerabilities catalog. For defenders, the key takeaway is operational urgency: CISA’s record directs organizations to apply mitigations per Cisco’s instructions or discontinue use of the product if mitigations are unavailable.
CVE-2024-20481 is a Cisco ASA and Firepower Threat Defense denial-of-service vulnerability that CISA has added to its Known Exploited Vulnerabilities catalog. That KEV listing makes this a priority for defenders because it is treated as actively exploited. The supplied corpus does not include affected versions, attack preconditions, or a CVSS score, so remediation should follow Cisco’s official guidance a [truncated]
CVE-2024-20399 is a Cisco NX-OS command injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2024-07-02. That KEV listing means defenders should treat it as urgently actionable, even though the supplied corpus does not include a CVSS score or the full vendor-advisory technical details. Cisco’s official advisory and the NVD entry are the primary public references in the [truncated]
CVE-2024-20359 is a Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) privilege escalation vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2024-04-24. Because it is listed in KEV, defenders should treat it as actively exploited or otherwise confirmed in the wild and prioritize remediation quickly. CISA’s required action is to apply mitigations per v [truncated]
CVE-2024-20353 is a Cisco ASA and Firepower Threat Defense (FTD) denial-of-service vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2024-04-24. Because it is a KEV-listed issue, defenders should treat it as operationally urgent and follow Cisco’s mitigation guidance or remove the product from use if mitigations are unavailable. The supplied corpus does not include deeper tec [truncated]
CVE-2020-3259 is a Cisco ASA and Firepower Threat Defense information disclosure vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2024-02-15, and the KEV entry marks it as associated with known ransomware campaign use. For defenders, this makes the issue a priority even though the supplied corpus does not include full vendor advisory details or CVSS scoring.
CVE-2023-20273 is a Cisco IOS XE Web UI command injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-10-23, with a remediation due date of 2023-10-27. Because CISA placed it in KEV, defenders should treat it as an urgent exposure review item, especially for systems exposed to the internet or other untrusted networks.
CVE-2023-20198 is a Cisco IOS XE Web UI privilege escalation issue that CISA added to its Known Exploited Vulnerabilities catalog on 2023-10-16. For defenders, the key signal is not just the vulnerability name, but the KEV status: CISA’s record requires organizations to verify compliance with BOD 23-02, apply vendor mitigations, and, for affected products exposed to the internet or untrusted networks, fol [truncated]
CVE-2023-20109 is a Cisco IOS and IOS XE vulnerability affecting Group Encrypted Transport VPN (GETVPN). CISA added it to the Known Exploited Vulnerabilities catalog on 2023-10-10, indicating it has been observed as exploited in the wild. The available official records emphasize defensive action: apply vendor mitigations or discontinue use of the product if mitigations are unavailable.
CVE-2023-20269 is a Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) unauthorized access vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-09-13. The supplied KEV metadata marks it as known exploited and notes known ransomware campaign use. Defenders should treat this as an urgent remediation item and follow Cisco’s mitigation guidance, includin [truncated]
CVE-2016-6415 is a Cisco IKEv1 information disclosure vulnerability affecting Cisco IOS, IOS XR, and IOS XE. CISA has listed it in the Known Exploited Vulnerabilities catalog, which means defenders should treat it as a remediation priority on any exposed or still-supported Cisco systems. The supplied source data does not provide deeper technical detail, so the safest response is to verify device [truncated]
CVE-2004-1464 is a Cisco IOS denial-of-service vulnerability that appears in CISA’s Known Exploited Vulnerabilities catalog. That KEV listing means defenders should treat it as a real-world risk, even though the supplied record set does not include deeper technical detail or a CVSS score. The safest response is to follow Cisco’s update guidance, verify whether any IOS systems are exposed, and prioritize r [truncated]
CVE-2017-6742 is identified in the supplied official records as a Cisco IOS and IOS XE Software SNMP remote code execution vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-04-19 and set a remediation due date of 2023-05-10, which makes it a priority for defenders managing Cisco network infrastructure. The supplied corpus does not include affected-version details or explo [truncated]
CVE-2020-3433 is a Cisco AnyConnect Secure Mobility Client for Windows DLL hijacking vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. The KEV entry indicates known exploitation and notes known ransomware campaign use, so defenders should treat this as a high-priority endpoint remediation item.
CVE-2020-3153 is a Cisco AnyConnect Secure Mobility Client for Windows uncontrolled search path vulnerability. CISA lists it in the Known Exploited Vulnerabilities catalog and notes known ransomware campaign use, which makes it a high-priority issue for organizations that still have affected Windows installations.
CVE-2019-15271 is a Cisco RV Series Routers deserialization of untrusted data vulnerability. CISA lists it in the Known Exploited Vulnerabilities catalog, which means it should be treated as an active defensive priority. The supplied record directs defenders to apply updates per vendor instructions.
CVE-2016-6367 is a Cisco Adaptive Security Appliance (ASA) CLI remote code execution vulnerability that CISA has listed in its Known Exploited Vulnerabilities catalog. That KEV inclusion means defenders should treat it as a known-exploited issue and prioritize vendor-guided remediation. The official sources provided here do not include exploitation details, but they do confirm the vulnerability n [truncated]
CVE-2016-6366 is a Cisco Adaptive Security Appliance (ASA) SNMP buffer overflow vulnerability that CISA has listed in its Known Exploited Vulnerabilities catalog. Because CISA marked it as known to be exploited in the wild, organizations should treat Cisco ASA devices as a priority for review, patching, and exposure reduction.
CVE-2022-20821 is identified by CISA as the "Cisco IOS XR Open Port Vulnerability" and was added to the Known Exploited Vulnerabilities catalog on 2022-05-23. CISA’s record directs organizations to apply updates per vendor instructions, with a remediation due date of 2022-06-13. The source corpus does not include a vendor advisory or deeper technical write-up, so this debrief is limited to the official CV [truncated]
CVE-2018-0147 is identified in the supplied official records as a Java deserialization vulnerability affecting Cisco Secure Access Control System (ACS). CISA has added it to the Known Exploited Vulnerabilities catalog, which means it is treated as a known exploitation risk rather than a purely theoretical issue. The KEV entry directs organizations to apply updates per vendor instructions, so any active Ci [truncated]
CVE-2018-0125 is a Cisco VPN Routers remote code execution vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. For defenders, the important signal is not just the vulnerability type, but the fact that it is treated as known exploited and comes with a remediation deadline in the KEV entry.
CVE-2017-3881 is identified in the supplied official records as a remote code execution vulnerability affecting Cisco IOS and IOS XE. CISA has listed it in the Known Exploited Vulnerabilities catalog, which makes it a high-priority remediation item for any organization running the affected Cisco platform family. The supplied metadata directs defenders to apply vendor updates per Cisco instructions, with a [truncated]
CVE-2015-0666 affects Cisco Prime Data Center Network Manager (DCNM) and is described as a directory traversal vulnerability. It is listed in CISA’s Known Exploited Vulnerabilities catalog, which means defenders should treat it as an active risk and prioritize remediation. CISA’s entry directs organizations to apply updates per vendor instructions.
CVE-2010-3035 is a Cisco IOS XR Border Gateway Protocol (BGP) denial-of-service vulnerability that CISA added to the Known Exploited Vulnerabilities (KEV) catalog on 2022-03-25. Because it is in KEV, it should be treated as a prioritized remediation item for any environment running affected Cisco IOS XR systems. CISA’s listed required action is to apply updates per vendor instructions.
CVE-2009-2055 is a Cisco IOS XR Border Gateway Protocol (BGP) denial-of-service vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. For defenders, the key takeaway is that this issue is treated as actively exploited and should be prioritized for remediation using Cisco’s vendor guidance.
CVE-2022-20708 is a Cisco Small Business RV Series router vulnerability described as a stack-based buffer overflow affecting RV160, RV260, RV340, and RV345 series devices. It was added to CISA’s Known Exploited Vulnerabilities catalog on 2022-03-03, which indicates active exploitation or evidence of exploitation significant enough to require prioritized remediation. Organizations using the affected router [truncated]
CVE-2022-20703 is a Cisco Small Business RV Series Routers stack-based buffer overflow vulnerability that CISA has added to its Known Exploited Vulnerabilities catalog. Because it is on the KEV list, defenders should treat it as an actively exploited issue and prioritize remediation on affected RV160, RV260, RV340, and RV345 Series Routers.