[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4M4328r9x5h8kX28-diCEbC7EUQJYzyLL53mE_2TMcc":3},{"article":4,"iocs":40},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":32,"category":33,"article_tags":37},"de54cf47-cb58-4ae2-8ae6-b90b86f0b7aa","Cisco Patches High-Severity Vulnerabilities in Enterprise Products","cisco-patches-high-severity-vulnerabilities-in-enterprise-products-94beed","Successful exploitation of the flaws could lead to code execution, server-side request forgery attacks, and denial-of-service conditions. The post Cisco Patches High-Severity Vulnerabilities in Enterprise Products appeared first on SecurityWeek.","Cisco released patches for multiple vulnerabilities across its enterprise product line, addressing five high-severity bugs that could enable code execution, SSRF attacks, and denial-of-service conditions. The flaws affect Cisco Unity Connection, SG350\u002FSG350X switches, Crosswork Network Controller, Network Services Orchestrator, and IoT Field Network Director. Cisco states no active exploitation has been observed in the wild.","Cisco patches five high-severity vulnerabilities in enterprise products including Unity Connection and network switches.","Cisco on Wednesday announced patches for multiple vulnerabilities across its enterprise products, including five high-severity bugs. Two high-severity issues, tracked as CVE-2026-20034 and CVE-2026-20035, which could lead to server-side request forgery (SSRF) attacks, were resolved in Cisco Unity Connection. Rooted in the insufficient validation of user-supplied input and specific HTTP requests, the flaws could be exploited by remote, authenticated attackers to execute arbitrary code as root or send network requests sourced from the affected device. 
Cisco addressed a high-severity defect (CVE-2026-20185) in the Simple Network Management Protocol (SNMP) subsystem of SG350 and SG350X switches that could be exploited to cause a denial-of-service (DoS) condition. Improper error handling during the parsing of response data for a specific SNMP request could allow attackers to reload the device, the company explains. “This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system,” Cisco notes. The Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO) were found vulnerable to a high-severity DoS vulnerability tracked as CVE-2026-20188. According to Cisco, the issue exists because rate-limiting on incoming network connections was not properly implemented, allowing a remote, unauthenticated attacker to send a large number of connection requests to a vulnerable system and exhaust resources. The fifth high-severity bug, tracked as CVE-2026-20167, was addressed in the web interface of IoT Field Network Director. Due to improper error handling, the weakness allows attackers to submit crafted input and cause the router to reload, leading to a DoS condition. On Wednesday, Cisco also resolved seven medium-severity vulnerabilities in IoT Field Network Director, Slido, Prime Infrastructure, Identity Services Engine (ISE), and Enterprise Chat and Email (ECE). The bugs could lead to file reads, command execution, information disclosure, arbitrary log file downloads, and browser-based attacks. Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’s security advisories page. 
Written By Ionut Arghire. Ionut Arghire is an international correspondent for SecurityWeek. 
","https:\u002F\u002Fwww.securityweek.com\u002Fcisco-patches-high-severity-vulnerabilities-in-enterprise-products\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F04\u002FCisco_router_hack-1-e1741873110363.jpg","2026-05-07T11:24:01+00:00","2026-05-07T12:00:24.28272+00:00",8,[18,21,24,26,28,30],{"name":19,"type":20},"Cisco","vendor",{"name":22,"type":23},"Cisco Unity Connection","product",{"name":25,"type":23},"Cisco SG350 Switches",{"name":27,"type":23},"Cisco Crosswork Network Controller",{"name":29,"type":23},"Cisco Network Services Orchestrator",{"name":31,"type":23},"Cisco IoT Field Network Director","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":32,"icon":34,"name":35,"slug":36},null,"Vulnerabilities","vulnerabilities",[38],{"category":39},{"id":32,"icon":34,"name":35,"slug":36},[41,45,47,50,53],{"type":42,"value":43,"context":44},"cve","CVE-2026-20034","High-severity SSRF vulnerability in Cisco Unity Connection",{"type":42,"value":46,"context":44},"CVE-2026-20035",{"type":42,"value":48,"context":49},"CVE-2026-20185","High-severity DoS vulnerability in Cisco SG350\u002FSG350X SNMP subsystem",{"type":42,"value":51,"context":52},"CVE-2026-20188","High-severity DoS vulnerability in Cisco Crosswork Network Controller and NSO",{"type":42,"value":54,"context":55},"CVE-2026-20167","High-severity DoS vulnerability in Cisco IoT Field Network Director web interface"]