Cisco has issued a high-priority security advisory for a vulnerability in its network management and orchestration platforms that could allow remote attackers to freeze critical infrastructure. The flaw, tracked as CVE-2026-20188 with a CVSS score of 7.5, impacts both the Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO).
The vulnerability targets the core connection-handling mechanism of these systems, potentially leaving service providers and large enterprises unable to manage their networks until a manual intervention is performed.
The security flaw stems from how these platforms manage incoming network traffic. Specifically, researchers identified an “inadequate implementation of rate-limiting on incoming network connections”. This lack of a “throttle” means that an unauthenticated, remote attacker can flood the system with a massive volume of connection requests.
According to the Cisco advisory, “An attacker could exploit this vulnerability by sending a large number of connection requests to an affected system. A successful exploit could allow the attacker to exhaust available connection resources, causing Cisco CNC and Cisco NSO to become unresponsive”.
Once the connection pool is exhausted, the platforms become deaf to legitimate users and dependent services. This creates a complete Denial of Service (DoS) condition that cannot self-correct. As Cisco warns, “a manual reboot of the system is required to recover from this condition”.
The vulnerability is particularly concerning because it “affects Cisco CNC and Cisco NSO, regardless of device configuration”. This means any exposed instance is potentially at risk if it falls within the affected version ranges.
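To make the flaw class concrete, here is an added illustration (not Cisco's code, and not from the advisory) of a bounded connection pool fronted by a per-source sliding-window limiter. It assumes, for simplicity, that accepted slots are never released, which mirrors the advisory's point that the exhausted state does not self-correct; the addresses and limits are constructed sample values.

```python
from collections import defaultdict, deque


class ConnectionPool:
    """Fixed number of connection slots: the resource the advisory says can be exhausted."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.active = 0

    def try_accept(self):
        if self.active >= self.capacity:
            return False  # pool exhausted; new connections are refused
        self.active += 1
        return True


class PerSourceRateLimiter:
    """Allow at most `limit` new connections per source address within any `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.history = defaultdict(deque)  # source -> timestamps of recent accepted connections

    def allow(self, source, now):
        recent = self.history[source]
        while recent and now - recent[0] >= self.window:
            recent.popleft()  # drop timestamps that fell out of the window
        if len(recent) >= self.limit:
            return False
        recent.append(now)
        return True


def simulate(flood_count, limiter=None, capacity=100):
    """One flooding source, then one legitimate operator; returns the pool state afterwards."""
    pool = ConnectionPool(capacity)
    flooder, operator = "198.51.100.7", "192.0.2.10"  # constructed sample addresses
    t = 0.0
    for i in range(flood_count):
        t = i * 0.001  # flood arrives at one connection per millisecond
        if limiter is None or limiter.allow(flooder, t):
            pool.try_accept()
    # The legitimate operator connects half a second after the flood ends.
    operator_ok = (limiter is None or limiter.allow(operator, t + 0.5)) and pool.try_accept()
    return {"active": pool.active, "operator_accepted": operator_ok}
```

Without a limiter, 500 flood attempts fill all 100 slots and the operator is refused; with a limit of 20 connections per second per source, the flooder holds 20 slots and the operator still gets in.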
Vulnerable Products & Fixes:
- Cisco CNC: Versions 7.1 and earlier are vulnerable. Cisco recommends that users on these versions “migrate to a fixed release” as version 7.2 is not affected.
- Cisco NSO: Versions 6.3 and earlier are impacted. A fix has been released in version 6.4.1.3, while version 6.5 is confirmed to be unaffected.
Network administrators are urged to audit their current deployments and upgrade to the fixed releases (CNC 7.2 or NSO 6.4.1.3/6.5) immediately.