CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws
Summary
CISA has issued warnings about actively exploited vulnerabilities in Ivanti Endpoint Manager (EPM) and Cisco SD-WAN systems. The Ivanti EPM flaw, CVE-2026-1603, allows attackers to leak credentials and has been added to CISA's Known Exploited Vulnerabilities catalog. Additionally, CISA updated its directive on two Cisco Catalyst SD-WAN flaws, CVE-2026-20127 and CVE-2022-20775, which were previously used in zero-day attacks.
IFF Assessment
The article details actively exploited vulnerabilities, indicating a direct threat to systems and potential for successful attacks against organizations.
Severity
Defender Context
Defenders need to prioritize patching these vulnerabilities in Ivanti EPM and Cisco SD-WAN systems, as they are being actively exploited. Organizations should also monitor for indicators of compromise related to these specific CVEs and consider enhanced security measures for critical infrastructure.