CISA Adds Two Known Exploited Vulnerabilities to Catalog
Summary
CISA added two new vulnerabilities, CVE-2022-20775 and CVE-2026-20127, to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. These vulnerabilities affect Cisco Catalyst SD-WAN and pose significant risks, especially to the federal enterprise. CISA urges all organizations to prioritize remediation of KEV Catalog vulnerabilities.
IFF Assessment
The addition of actively exploited vulnerabilities to the KEV catalog indicates increased risk for organizations using the affected software.
Severity
Defender Context
Defenders need to promptly patch or mitigate these vulnerabilities, especially if they run Cisco Catalyst SD-WAN. The KEV catalog is a prioritized list of vulnerabilities that are actively being exploited, meaning they are high-risk and should be addressed quickly. Regular vulnerability scanning and patching processes are essential to stay ahead of these threats.