TL;DR
- CISA adds two critical vulnerabilities to its KEV catalog, affecting Cisco products. Organizations are advised to prioritize remediation for these issues as part of their vulnerability management practice.
- Two new vulnerabilities in Cisco Catalyst SD-WAN software have been added to CISA's KEV Catalog based on evid
What happened
- CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These include CVE-2022-20775 and CVE-2026-20127, both impacting Cisco SD-WAN products.
Why it matters for ops
- These vulnerabilities are significant attack vectors for malicious actors and require urgent remediation to protect against active threats.
- Federal Civilian Executive Branch (FCEB) agencies must comply with Binding Operational Directive (BOD) 22-01 to mitigate these risks by the specified deadlines.
Mitigation
- Apply available patches from Cisco for affected products.
- Implement strict authentication protocols and monitor for unauthorized access attempts.
Action items
- Prioritize remediation of identified vulnerabilities as per the KEV catalog recommendations.
- Review and update security policies to address newly added KEVs based on CISA advisories.
Detection IOCs
- CVE-2022-20775
- CVE-2026-20127
- Path traversal attempts in Cisco SD-WAN
- Unauthenticated access to management interfaces in Cisco Catalyst SD-WAN Controller and Manager