Feed›Vulnerability›New Cisco DoS flaw requires manual reboot to revive devices...

VulnerabilityBleeping Computer

9.9 — CRITICAL

New Cisco DoS flaw requires manual reboot to revive devices

📅 6 May 2026 at 18:06 UTC📰 Bleeping ComputerView original source ↗

Cisco patched a Crosswork Network Controller and Network Services Orchestrator denial-of-service vulnerability that requires manually rebooting targeted systems for recovery. [...]

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A high-severity denial-of-service (DoS) vulnerability was discovered in Cisco Crosswork Network Controller and Network Services Orchestrator, allowing unauthenticated remote attackers to cause a DoS condition on affected systems requiring manual reboot for recovery.

⚙️Technical Details

CVEs

CVE-2026-20188CVE-2025-20362CVE-2025-20333CVE-2022-20653CVE-2024-20401

Affected Systems

Cisco Crosswork Network ControllerCisco Network Services Orchestrator

Attack Vectors

NETWORK

💥Impact Assessment

Severity: HIGH

Who Is at Risk

Large enterprises and service providers leveraging Cisco CNC software suite, particularly those with unpatched systems

🛡️Recommended Actions

1Immediately apply the security updates for affected systems to prevent exploitation

2Implement rate limiting on incoming network connections to mitigate potential attacks

3Regularly monitor system logs and perform manual reboots as necessary to recover from DoS conditions

📦Affected Products

Cisco Adaptive Security Appliance SoftwareCisco Firepower Threat DefenseCisco AsyncosCisco Secure Email GatewayCisco Crosswork Network ControllerCisco Network Services Orchestrator

🔐NVD Verified DataVERIFIED

CVE-2026-20188 ↗CVSS 7.5 — HIGH

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses

CWE-400

CVE-2025-20362 ↗CVSS 8.6 — HIGH

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Weaknesses

CWE-862

Affected Products (CPE)

Cisco Adaptive Security Appliance SoftwareCisco Firepower Threat Defense

Advisories

📋 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityA…📋 https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_cont…

CVE-2025-20333 ↗CVSS 9.9 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weaknesses

CWE-120

Affected Products (CPE)

Cisco Adaptive Security Appliance SoftwareCisco Firepower Threat Defense

Advisories

📋 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityA…📋 https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_cont…

CVE-2022-20653 ↗CVSS 7.5 — HIGH

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses

CWE-399

Affected Products (CPE)

Cisco Asyncos

Advisories

📋 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/…📋 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/…

CVE-2024-20401 ↗CVSS 9.8 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-36

Affected Products (CPE)

Cisco Secure Email Gateway

Advisories

📋 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityA…📋 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityA…

Read the full article

This is a curated summary. The complete article is available at Bleeping Computer.

Read on Bleeping Computer ↗

← Back to feed