CISA flags new SD-WAN flaw as actively exploited in attacks
Federal agencies ordered to patch until Friday
On Monday, CISA added CVE-2026-20133 to its Known Exploited Vulnerabilities (KEV) Catalog, "based on evidence of active exploitation," and ordered Federal Civilian Executive Branch (FCEB) agencies to secure their networks until Friday, April 24.
"Please adhere to CISA's guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA's Emergency Directive 26-03 and CISA's Hunt & Hardening Guidance for Cisco SD-WAN Devices," CISA said. "Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available."
Cisco has yet to confirm the U.S. cybersecurity agency's report that the flaw is being exploited in attacks, with its security advisory still saying that its Product Security Incident Response Team (PSIRT) is "not aware of any public announcements or malicious use of the vulnerabilities that are described in CVE-2026-20133."
In February, Cisco also tagged a critical authentication bypass vulnerability (CVE-2026-20127) as exploited in zero-day attacks that were enabling threat actors to add malicious rogue peers to targeted networks since at least 2023.
More recently, in early March, the company released security updates to address two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software that can allow attackers to gain root access to the underlying operating system and execute arbitrary Java code with root privileges.
Over the last several years, CISA has tagged 91 Cisco vulnerabilities as exploited in the wild, six of which have been used by various ransomware operations.
==
No comments:
Post a Comment