CISA Warns of Active Cisco SD-WAN Exploits

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority warning to federal agencies, ordering them to patch three critical Cisco SD-WAN vulnerabilities within four days after discovering they're being actively exploited by hackers. This urgent directive comes after Cisco patched the flaws in its Catalyst SD-WAN Manager platform.

https://osintsights.com/cisa-warns-of-active-cisco-sd-wan-exploits?utm_source=mastodon&utm_medium=social

#Cisco #Sdwan #Cve202620128 #Cve202620122 #Cisa

🚨 [CISA-2026:0420] CISA Adds 8 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0420)

CISA has added 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

⚠️ CVE-2023-27351 (https://secdb.nttzen.cloud/cve/detail/CVE-2023-27351)
- Name: PaperCut NG/MF Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: PaperCut
- Product: NG/MF
- Notes: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219 ; https://nvd.nist.gov/vuln/detail/CVE-2023-27351

⚠️ CVE-2024-27199 (https://secdb.nttzen.cloud/cve/detail/CVE-2024-27199)
- Name: JetBrains TeamCity Relative Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: JetBrains
- Product: TeamCity
- Notes: https://www.jetbrains.com/privacy-security/issues-fixed/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-27199

⚠️ CVE-2025-2749 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-2749)
- Name: Kentico Xperience Path Traversal Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Kentico
- Product: Kentico Xperience
- Notes: https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2749

⚠️ CVE-2025-32975 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-32975)
- Name: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Quest
- Product: KACE Systems Management Appliance (SMA)
- Notes: https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975

⚠️ CVE-2025-48700 (https://secdb.nttzen.cloud/cve/detail/CVE-2025-48700)
- Name: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Synacor
- Product: Zimbra Collaboration Suite (ZCS)
- Notes: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-48700

⚠️ CVE-2026-20122 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20122)
- Name: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manger
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/ CVE-2026-20122

⚠️ CVE-2026-20128 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20128)
- Name: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20128

⚠️ CVE-2026-20133 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20133)
- Name: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
- Action: Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v ; https://nvd.nist.gov/vuln/detail/CVE-2026-20133

#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260420 #cisa20260420 #cve_2023_27351 #cve_2024_27199 #cve_2025_2749 #cve_2025_32975 #cve_2025_48700 #cve_2026_20122 #cve_2026_20128 #cve_2026_20133 #cve202327351 #cve202427199 #cve20252749 #cve202532975 #cve202548700 #cve202620122 #cve202620128 #cve202620133