- 70/2026
- High
Cisco has released security updates to fix several vulnerabilities across multiple Cisco products.
The addressed vulnerabilities could allow the attacker to execute arbitrary code, gain elevated privileges, obtain sensitive information, bypass security restrictions, conduct cross-site scripting, and perform denial-of-service attacks on the affected systems.
Sample of addressed vulnerabilities:
1. Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerability (CVE- 2026-20012):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
2. Cisco IOS XE Software Secure Channel for Meraki Information Disclosure Vulnerability (CVE-2026-20115):
- CVSS: 6.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.