Cisco issues eight separate security advisories alerting customers to an array of vulnerabilities
The advisories mark the end of a troubling week for Cisco with regard to security concerns


Cisco has released security advisories amid the discovery of vulnerabilities affecting a slew of products across its portfolio.
The vulnerabilities disclosed by Cisco vary in severity and include flaws in Cisco’s Catalyst SD-WAN Manager and in the web UI of Cisco IOS XE Software.
The most serious of the issues raised in the eight separate security advisories was the set of vulnerabilities in the firm’s Catalyst SD-WAN Manager.
Among the five flaws identified by Cisco was CVE-2023-20252, an unauthorized access vulnerability given a near-maximum CVSS score of 9.8.
This vulnerability affects the Security Assertion Markup Language (SAML) APIs of the SD-WAN Manager, which Cisco said could enable an unauthenticated, remote attacker to “gain unauthorized access to the application as an arbitrary user”.
“This vulnerability is due to improper authentication checks for SAML APIs,” Cisco said in its security notice. “An attacker could exploit this vulnerability by sending requests directly to the SAML APIs. A successful exploit could allow the attacker to generate an authorization token sufficient to access the application.”
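To show what “improper authentication checks for SAML APIs” means in practice, here is an added, constructed illustration of the bug class: a token endpoint that trusts the caller-supplied identity beside one that validates the signed assertion first. This is example code written for this article, not Cisco’s implementation, and it reveals nothing about how the SD-WAN Manager flaw actually works. The endpoint names, the HMAC used in place of an XML-DSig signature, the issuer and audience URLs, and the sample requests are all assumptions.

```python
"""Constructed illustration of the SAML-API authentication bug class.

Example code, not Cisco's code. An HMAC over canonical JSON stands in for
the IdP's XML signature; all URLs and keys are made-up test values.
"""
import hashlib
import hmac
import json
import secrets
import time

IDP_KEY = b"idp-signing-key"                      # stand-in for the IdP signing cert
EXPECTED_ISSUER = "https://idp.example.test"      # assumed IdP entity ID
EXPECTED_AUDIENCE = "https://manager.example.test"  # assumed SP entity ID


def _canonical(fields):
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_assertion(fields, key=IDP_KEY):
    """IdP side: attach a signature over the canonical assertion fields."""
    sig = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "signature": sig}


def mint_token(user):
    """Issue an opaque session token for an already-authenticated user."""
    return f"{user}:{secrets.token_hex(16)}"


# Vulnerable pattern: the subject is read straight from the request, so any
# client that can reach the SAML API becomes whichever user it names.
def saml_login_unchecked(request):
    return mint_token(request["name_id"])


# Hardened pattern: signature, issuer, audience and expiry are all verified
# before the subject is trusted; only then is a token minted.
def validate_assertion(assertion, key=IDP_KEY, now=None):
    now = time.time() if now is None else now
    fields = {k: v for k, v in assertion.items() if k != "signature"}
    expected = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion.get("signature", "")):
        raise ValueError("bad signature")
    if fields.get("issuer") != EXPECTED_ISSUER:
        raise ValueError("unexpected issuer")
    if fields.get("audience") != EXPECTED_AUDIENCE:
        raise ValueError("assertion not intended for this service")
    if fields.get("not_on_or_after", 0) <= now:
        raise ValueError("assertion expired")
    return fields["name_id"]


def saml_login_checked(request, now=None):
    return mint_token(validate_assertion(request["assertion"], now=now))


def attempt_checked(request, now=None):
    """Return ('ok', token) or ('rejected', reason) for the hardened endpoint."""
    try:
        return ("ok", saml_login_checked(request, now=now))
    except (ValueError, KeyError) as exc:
        return ("rejected", str(exc) or type(exc).__name__)


# Constructed sample traffic with a fixed clock.
NOW = 1_700_000_000
GENUINE = {"assertion": sign_assertion({
    "issuer": EXPECTED_ISSUER, "audience": EXPECTED_AUDIENCE,
    "name_id": "alice", "not_on_or_after": NOW + 300})}
FORGED = {"name_id": "admin", "assertion": {      # attacker-crafted, unsigned
    "issuer": EXPECTED_ISSUER, "audience": EXPECTED_AUDIENCE,
    "name_id": "admin", "not_on_or_after": NOW + 300}}

if __name__ == "__main__":
    print("unchecked endpoint gives attacker:", saml_login_unchecked(FORGED))
    print("checked endpoint, forged request:", attempt_checked(FORGED, now=NOW))
    print("checked endpoint, genuine request:", attempt_checked(GENUINE, now=NOW))
```

The point of the hardened path is that the identity in the request carries no weight until the signature over the whole assertion checks out and the assertion is confirmed to be for this service and still valid. Dropping any one of those checks reopens some version of the direct-to-API problem the advisory describes.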
Cisco said it has released a patch that remediates the vulnerability, and warned customers there are no current workarounds to address the flaw.
The firm also reiterated that the vulnerability was isolated to this product line, adding that other products including SD-WAN cEdge Routers and SD-WAN vEdge Routers are not affected.
A separate SD-WAN Manager vulnerability flagged by Cisco, tracked as CVE-2023-20253, could allow an authenticated attacker with read-only privileges to bypass authorization and “rollback controller configurations”, the firm said.
Attackers could deploy this configuration rollback to downstream routers, Cisco warned.
All flaws relating to its SD-WAN manager have also been addressed, Cisco confirmed.
Each of the other seven products that received a security advisory is affected by its own product-specific flaws, many of which were given ‘high’ severity ratings.
The remaining advisories cover the following products and components:
- Cisco IOS XE Software Web UI
- Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers
- Cisco IOS XE Software Layer 2 Tunneling Protocol
- Cisco DNA Center API Insufficient Access Control
- Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches
- Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense
- Cisco IOS and IOS XE Software
Cisco router vulnerabilities
The flurry of security updates for Cisco comes in the wake of a joint advisory over ongoing threats to the firm’s router firmware.
An advisory earlier this week from the NSA, FBI, CISA, and Japan’s NISC security agency warned that a Chinese-linked threat group had been observed modifying firmware on Cisco routers to target US and Japanese organizations.
The group, known as ‘BlackTech’, was found to have specifically targeted routers at divisional branch offices to gain a deeper foothold in corporate networks.
Cisco issued an update to customers in the wake of the advisory, advising that the recorded attacks involved stolen or weak admin credentials.
The firm reassured customers that there was no evidence of vulnerabilities being actively exploited.

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.