Critical vulnerability in Cisco Secure Workload rated at maximum severity

Source: Critical vulnerability in Cisco Secure Workload rated at maximum severity | CSO Online

Author: unknown

URL: https://www.csoonline.com/article/4175913/critical-vulnerability-in-cisco-secure-workload-rated-at-maximum-severity.html

ONE SENTENCE SUMMARY:

Cisco Secure Workload on-prem has a CVSS 10 auth-bypass REST API flaw granting site-admin control, requiring immediate patching.

MAIN POINTS:

1. Vulnerability enables attackers to gain site admin privileges and compromise endpoints.
2. Cisco Secure Workload controls zero trust, micro-segmentation, and network visibility across enterprises.
3. Threat actors likely will scan aggressively for exposed, unpatched internal API endpoints.
4. Site-admin access could modify or dismantle security policies, opening previously restricted pathways.
5. Multi-tenant deployments face cross-tenant impact, expanding potential exposure across business units or customers.
6. CVE-2026-20223 has CVSS 10.0, allowing unauthenticated remote authentication bypass.
7. Crafted HTTP requests to internal REST APIs instantly confer site admin privileges.
8. Root cause is insufficient validation and authentication on REST API endpoint access.
9. No workarounds exist; only software updates remediate the issue.
10. SaaS is already patched, while on-prem customers must upgrade to fixed releases.

TAKEAWAYS:

1. Prioritize emergency patching for on-prem Secure Workload as if responding to an active incident.
2. Upgrade targets: 4.0→4.0.3.17, 3.10→3.10.8.3, 3.9 and earlier→migrate forward.
3. Focus assessment on internal REST API exposure rather than the web management interface.
4. Treat multi-tenant environments as higher-risk due to potential cross-tenant “blast radius.”
5. Verify patch status promptly despite no known exploitation reported at disclosure time.