The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted three critical security flaws in the Cisco Catalyst SD-WAN Manager. These vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) catalog, with CISA emphasizing the need for swift action from federal agencies and organizations.
Urgent Remediation Deadline
These vulnerabilities were included in the KEV catalog on April 20, 2026, with a strict remediation deadline set for April 23, 2026. The flaws impact the Cisco Catalyst SD-WAN Manager, a key tool used for managing enterprise SD-WAN infrastructure, making it crucial for organizations to address these issues promptly.
Details of the Vulnerabilities
The vulnerabilities in question include: CVE-2026-20133, which permits remote attackers to access sensitive information without authentication; CVE-2026-20122, allowing malicious file uploads through the API interface, potentially leading to extensive control over the SD-WAN environment; and CVE-2026-20128, which involves passwords being stored in a recoverable format, facilitating privilege escalation.
The exploitation of these vulnerabilities could lead to significant network intrusions, as the SD-WAN Manager is essential for managing network routing and policies across multiple locations. While the connection to ransomware attacks remains uncertain, the risk of network compromise is high.
Actions and Recommendations
In response, CISA has issued Emergency Directive 26-03, alongside detailed Hunt & Hardening Guidance for Cisco SD-WAN Devices. Organizations unable to implement mitigations are advised to cease using the affected product according to BOD 22-01 guidelines for cloud services.
CISA’s recommendations include applying all available Cisco security patches, reviewing the Emergency Directive for specific risk assessments, following the provided guidance to detect compromises, restricting API access, and auditing file system permissions. Monitoring for unauthorized actions is also advised.
Implications and Urgency
With the deadline fast approaching, Federal Civilian Executive Branch (FCEB) agencies have little time to act. However, private sector entities managing Cisco SD-WAN deployments should also prioritize these measures due to the immediate threat these vulnerabilities pose to network integrity.
Stay updated with the latest cybersecurity news by following us on Google News, LinkedIn, and X. For more information or to share your stories, please contact us.
