Cisco patches security hole with top rating in Secure Workload
Cisco is providing an update that closes a security vulnerability with the highest possible risk assessment in Secure Workload.
(Image: Sashkin/Shutterstock.com)
Network equipment provider Cisco has released several updates to close security vulnerabilities. The most serious reaches the highest possible risk classification and affects Cisco's Secure Workload.
In the Cisco security advisory, the developers explain that it is a vulnerability in internal REST APIs. It allows attackers from the network, without prior login, to access resources with the rights of the “Site Admin” role (CVE-2026-20223, CVSS 10.0, risk “critical”). Due to insufficient checks and lack of authentication, attackers can exploit the vulnerability with manipulated API requests to vulnerable endpoints. This allows read access and configuration changes, even across tenant boundaries. Cisco does not mention any countermeasures other than the provided updates. Versions 3.10.8.3 and 4.0.3.17 and newer of Cisco Secure Workload correct the security-relevant errors. Those still using older versions must migrate to these versions.
Further security vulnerabilities in Cisco products
Cisco has also issued advisories for vulnerabilities in other products. A Denial-of-Service vulnerability exists in Cisco Nexus switches of the 3000 and 9000 series, which unauthenticated attackers from the network can trigger by sending manipulated BGP packets (CVE-2026-20171, CVSS 6.8, risk “medium”). Although Cisco states that the vulnerability has not been exploited in the wild, it does mention indicators of compromise (IOC). In the BrowserBot component of Cisco's ThousandEyes Enterprise Agent, authenticated attackers from the network can execute arbitrary commands in the name of the BrowserBot “Synthetics Orchestration Process” (CVE-2026-20206, CVSS 6.3, risk “medium”). Cisco has apparently already distributed the update to fix the error automatically; the developers state that customers do not need to do anything further. In the ThousandEyes Virtual Appliance, authenticated attackers can also execute arbitrary commands as root in the underlying operating system due to a vulnerability in certificate handling (CVE-2026-20199, CVSS 4.7, risk “medium”). The update to version 0.262.0 or newer fixes the vulnerability.
Videos by heise
IT managers should not delay applying the updates. Last week, for example, attacks on a critical vulnerability in Cisco's Catalyst SD-WAN controllers became known – security vulnerabilities in network products, including those from Cisco, are highly sought after by cybercriminals.
(dmk)
