Cisco Patches Unauthorized Access and Authentication Bypass Flaws
Cisco disclosed two security vulnerabilities affecting enterprise products: an unauthorized access flaw in the Cisco Nexus Dashboard Configuration Backup REST API and an authentication bypass flaw in Cisco Secure Web Appliance. The Nexus Dashboard issue could expose backup-related functionality through the REST API without proper access controls, while the Secure Web Appliance flaw could allow an attacker to bypass authentication protections and gain access to affected systems.
The advisories indicate separate weaknesses in Cisco infrastructure and security platforms that could undermine administrative boundaries and trusted access if left unpatched. Organizations using Cisco Nexus Dashboard or Cisco Secure Web Appliance should review Cisco's product advisories, identify affected deployments, and prioritize remediation to prevent unauthorized access to management or security enforcement functions.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Cisco discloses Unity Connection arbitrary file download vulnerabilities
Cisco published a security advisory for arbitrary file download vulnerabilities affecting Cisco Unity Connection. The reference includes the advisory topic and publication date but no additional details on exploitation, impact, or remediation.
Cisco discloses Identity Services Engine multiple XSS vulnerabilities
Cisco published a security advisory for multiple cross-site scripting vulnerabilities affecting Cisco Identity Services Engine. The reference provides the advisory topic and publication date but no additional exploitation or remediation details.
Cisco discloses Secure Web Appliance authentication bypass flaw
Cisco published a security advisory for a Cisco Secure Web Appliance authentication bypass vulnerability. The reference does not include further details on exploitation, impact, or patch timing.
Cisco discloses Nexus Dashboard backup API unauthorized access flaw
Cisco published a security advisory for a Cisco Nexus Dashboard Configuration Backup REST API unauthorized access vulnerability. No additional technical details or remediation timeline are provided in the reference.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Cisco Secure Web Appliance Authentication Bypass Vulnerability
sec.cloudapps.cisco.com
Open sourceCisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities
sec.cloudapps.cisco.com
Open sourceCisco Unity Connection Arbitrary File Download Vulnerabilities
sec.cloudapps.cisco.com
Open sourceCisco Nexus Dashboard Configuration Backup REST API Unauthorized Access Vulnerability
sec.cloudapps.cisco.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Cisco Discloses XSS in Catalyst SD-WAN Manager and SSRF in Nexus Dashboard
Cisco published security advisories for two enterprise management platforms: a cross-site scripting (**XSS**) flaw in **Cisco Catalyst SD-WAN Manager** and a server-side request forgery (**SSRF**) flaw affecting **Cisco Nexus Dashboard** and **Cisco Nexus Dashboard Insights**. The issues affect products used to centrally manage networking infrastructure, raising the risk that attackers could target administrative interfaces and backend request handling in high-value environments. The advisories identify separate web-application security weaknesses in Cisco's network management stack, with one issue tied to malicious script execution in the SD-WAN management interface and the other to unauthorized server-side requests from Nexus Dashboard components. Organizations using these platforms should review Cisco's product advisories, determine affected deployments, and prioritize remediation or mitigations for exposed management systems.
Apr 1, 2026
Cisco Patches Critical Firewall Management RCE Vulnerabilities
Cisco released emergency fixes for two **critical (CVSS 10.0)** vulnerabilities in its firewall management software that could allow **remote, unauthenticated attackers** to execute code and gain **root-level** access to the underlying operating system. The issues are tracked as `CVE-2026-20079` and `CVE-2026-20131`, and reporting emphasized the risk profile given Cisco’s widespread deployment in large enterprises and the historical interest of sophisticated actors in rapidly weaponizing Cisco bugs. Available reporting stated there were **no confirmed in-the-wild exploitation** reports at the time of publication, but urged rapid patching due to the combination of unauthenticated reachability and full compromise potential. Separate coverage packaged the Cisco flaws alongside other weekly security items (e.g., Tycoon2FA infrastructure takedown and other incidents), but the Cisco item consistently described the same two maximum-severity firewall management vulnerabilities and their impact (RCE leading to root access).
Mar 21, 2026
Cisco ISE Flaws Expose Authentication Bypass, Root RCE, and Path Traversal
Cisco disclosed multiple vulnerabilities in **Identity Services Engine (ISE)** and **ISE-PIC** that could let attackers compromise deployments through **authentication bypass**, **unauthenticated remote code execution**, and **path traversal**. One of the issues, tracked as **`CVE-2025-20281`**, was described in public research as allowing unauthenticated attackers to achieve **remote code execution as root** because of insufficient input validation in a specific API, significantly raising the risk to exposed management infrastructure. Separate Cisco advisories also detailed additional **authentication bypass** weaknesses and a combination of **remote code execution and path traversal** flaws affecting the same product line, indicating broad attack surface concerns in enterprise identity and access control environments. The publication of a public GitHub checker for `CVE-2025-20281` increases the likelihood of rapid defender validation and potential attacker reconnaissance, making prompt patching, exposure review, and monitoring of Cisco ISE systems a priority for security teams.
May 25, 2026