The Cybersecurity and Infrastructure Security Agency (CISA) has ordered all U.S. federal agencies to patch three exploited Cisco SD-WAN vulnerabilities [1].
The directive matters because the flaws allow unauthenticated remote attackers to bypass authentication and seize full control of affected systems. With the vulnerabilities being actively exploited in the wild, the federal government faces an immediate risk of unauthorized network intrusions.
CISA issued Emergency Directive ED 26-03, requiring agencies to apply the necessary patches by this Sunday [2]. The directive targets Cisco Catalyst SD-WAN Manager systems across federal networks [3].
According to a Cisco security advisory, the vulnerabilities could "allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system" [4]. This level of access would let an attacker modify network configurations or steal sensitive data without needing valid credentials.
One of the identified flaws is particularly severe. It received a perfect 10.0 CVSS severity score [5], the highest possible rating for a security vulnerability. This score indicates that the flaw is easy to exploit and has a devastating impact on the confidentiality, integrity, and availability of the system.
Federal agencies must complete the updates to secure their SD-WAN infrastructure by the Sunday deadline [2]. CISA added these specific flaws to its list of known exploited vulnerabilities to alert the broader public and private sectors to the risk [5].
CISA said the urgency of the timeline is a direct response to the active exploitation of the bugs [4].
“Federal agencies must apply the patches for the three Cisco SD-WAN vulnerabilities by this Sunday.”
The use of an emergency directive and a tight 48-to-72-hour compliance window signals that CISA has detected a high level of threat activity targeting U.S. government infrastructure. A CVSS score of 10.0 is rare and indicates a 'critical' risk where the barrier to entry for an attacker is nearly nonexistent. This move forces federal agencies to prioritize these patches over routine maintenance to prevent a potential large-scale breach of the SD-WAN managers that orchestrate network traffic.





