Patched vulnerabilities in Ivanti Endpoint Manager and Cisco Catalyst SD-WAN are under attack, according to the US security agency, which added reporting requirements to its previous Cisco directive.
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that an authentication bypass vulnerability patched in Ivanti Endpoint Manager (EPM) last month is now being exploited in the wild. The agency has also updated its directive related to two Cisco Catalyst SD-WAN flaws that were fixed last month after being used in zero-day attacks.
The Ivanti EPM vulnerability, tracked as CVE-2026-1603, impacts EPM versions prior to 2024 SU5. It allows a remote, unauthenticated attacker to leak stored credential data and was patched on Feb. 9 along with another EPM SQL injection flaw tracked as CVE-2026-1602.
At the time, Ivanti credited a researcher working with Trend Micro’s Zero Day Initiative program for reporting the vulnerabilities and said that it was not aware of the vulnerabilities being exploited against customers.
Also this week, CISA updated its emergency directive related to CVE-2026-20127 and CVE-2022-20775 — an authentication bypass flaw and a privilege escalation issue in Cisco SD-WAN Controller and software. Cybersecurity agencies from the Five Eyes alliance issued a joint advisory about CVE-2026-20127 last month after the flaw was identified in active attacks.
Worse, there were signs that the vulnerability had been exploited since 2023, meaning the attacks managed to fly under the radar for almost 3 years.
CISA issued a directive to federal government agencies to identify impacted systems on their networks, patch the flaws, and hunt for compromises. The updated version of the directive issued this week adds requirements regarding reporting and actions. Specifically, federal agencies must submit collected logs from SD-WAN deployments to CISA by March 26.