Summary Points
- Multiple critical vulnerabilities in Cisco Catalyst SD-WAN Manager (CVE-2026-20122, CVE-2026-20128, CVE-2026-20133) are actively exploited to gain remote, elevated privileges and access sensitive information.
- Attackers are weaponizing CVE-2025-32975 in Quest KACE Systems Management Appliance to impersonate users without authentication, potentially enabling further malicious activity.
- Known exploitation of CVE-2023-27351 in PaperCut NG/MF is linked to ransomware attacks by groups like Lace Tempest, highlighting targeted credential bypass risks.
Threat, Attack Techniques, and Targets
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, the list of flaws confirmed to be exploited in the wild. These flaws include issues in products from Cisco, JetBrains, Kentico, Quest, and Zimbra, and they differ in severity and exploitation risk. Notably, attackers are exploiting flaws such as CVE-2023-27351 in PaperCut and CVE-2025-32975 in Quest KACE appliances. The observed exploitation typically involves unauthorized access or privilege escalation: attackers use these vulnerabilities to bypass authentication, execute limited administrative actions, or upload and overwrite data. For example, CVE-2026-20122 and CVE-2026-20128 in Cisco SD-WAN Manager allow attackers to elevate user privileges or access stored credentials. Threat actors such as Lace Tempest are exploiting CVE-2023-27351, notably in ransomware campaigns associated with Cl0p and LockBit. These threats target systems used in enterprise environments, including network management, collaboration platforms, and system management tools.
Impact, Security Implications, and Remediation Guidance
The exploitation of these vulnerabilities can lead to serious security consequences. Attackers might bypass authentication, leak sensitive information, or gain unauthorized control over affected systems. For example, CVE-2025-32975 can allow impersonation of users without valid credentials. Other flaws, such as CVE-2026-20122 and CVE-2026-20128, can enable privilege escalation, giving attackers full control over affected devices. These risks can result in data theft, system compromise, or disruption of services. Because these vulnerabilities are actively exploited, rapid remediation is needed. Federal agencies are advised to patch the Cisco vulnerabilities by April 23, 2026, and address the others by May 4, 2026. For specific remediation steps, consult the relevant vendor advisory or security authority.
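KEV entries carry a due date and a flag for known ransomware use, so the natural defender workflow is to match the catalog against an inventory of what is still unpatched and rank by urgency. The script below is an added example, not part of the original summary and not CISA tooling. It assumes the public KEV JSON layout (a top-level "vulnerabilities" list with cveID, vendorProject, product, dateAdded, dueDate and knownRansomwareCampaignUse fields); the catalog entries and host inventory are constructed for the example, using the CVE IDs and due dates reported above, while the dateAdded values and the CVE-0000-0000 inventory entry are placeholders. In production, SAMPLE_KEV would be replaced by the JSON fetched from the CISA feed.

```python
"""Triage a KEV-style catalog against an inventory of unpatched CVEs.

Added example; the record layout follows the public CISA KEV JSON feed, but
every entry below is constructed for illustration.
"""
import json
from datetime import date

# Constructed catalog sample. CVE IDs and dueDate values are those reported in
# the summary; dateAdded values are placeholders, not real catalog data.
SAMPLE_KEV = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "vulnerabilities": [
        {"cveID": "CVE-2026-20122", "vendorProject": "Cisco",
         "product": "Catalyst SD-WAN Manager", "dateAdded": "2026-04-02",
         "dueDate": "2026-04-23", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-27351", "vendorProject": "PaperCut",
         "product": "NG/MF", "dateAdded": "2026-04-13",
         "dueDate": "2026-05-04", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2025-32975", "vendorProject": "Quest",
         "product": "KACE Systems Management Appliance", "dateAdded": "2026-04-13",
         "dueDate": "2026-05-04", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed asset inventory: CVEs each host is still exposed to.
# CVE-0000-0000 is a placeholder for a finding that is not in the catalog.
SAMPLE_INVENTORY = {
    "sdwan-mgr-01": ["CVE-2026-20122"],
    "print-srv-02": ["CVE-2023-27351", "CVE-0000-0000"],
}


def load_kev(raw_json):
    """Parse the feed and index its entries by CVE ID."""
    data = json.loads(raw_json)
    return {v["cveID"]: v for v in data["vulnerabilities"]}


def triage(kev_index, inventory, today):
    """Return one finding per (host, CVE) pair that appears in the catalog.

    days_left is negative once the due date has passed. Priority order:
    'overdue', then 'ransomware' (CISA marks the entry as used in ransomware
    campaigns), then 'due'. Results are sorted most urgent first.
    """
    findings = []
    for host, cves in inventory.items():
        for cve in cves:
            entry = kev_index.get(cve)
            if entry is None:          # not a known-exploited flaw; skip
                continue
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - today).days
            if days_left < 0:
                priority = "overdue"
            elif entry.get("knownRansomwareCampaignUse") == "Known":
                priority = "ransomware"
            else:
                priority = "due"
            findings.append({
                "host": host, "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": entry["dueDate"], "days_left": days_left,
                "priority": priority,
            })
    rank = {"overdue": 0, "ransomware": 1, "due": 2}
    findings.sort(key=lambda f: (rank[f["priority"]], f["days_left"]))
    return findings


def triage_sample(today_iso="2026-04-25"):
    """Run the triage over the constructed sample as of the given date."""
    return triage(load_kev(SAMPLE_KEV), SAMPLE_INVENTORY, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for f in triage_sample():
        print(f'{f["priority"]:10} {f["host"]:14} {f["cve"]:16} '
              f'{f["product"]} due {f["due"]} ({f["days_left"]:+d} d)')
```

Run as of 2026-04-25, the Cisco host is reported first as overdue (two days past the April 23 deadline), the PaperCut host second because its entry is flagged for ransomware use, and the placeholder CVE is dropped because it is not in the catalog. Swapping the constructed feed for the live one and the inventory for scanner output gives a daily KEV-due report.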
