dChan
Anonymous ID: c7f23c Feb. 25, 2026, 2:04 p.m. No.24308128   🗄️.is đź”—kun   >>8435 >>8803 >>8882 >>8885

https://x.com/CISACyber/status/2026701341683335608

 

https://www.cisa.gov/news-events/alerts/2026/02/25/cisa-and-partners-release-guidance-ongoing-global-exploitation-cisco-sd-wan-systems

 

🚨 Cyber threat actors are exploiting multiple Cisco vulnerabilities, including CVE-2026-20127 and CVE-2022-20775, to ultimately establish long-term persistence in SD-WAN systems across multinational organizations. Review our Alert & act immediately.

 

11:50 AM · Feb 25, 2026

·

6,987 Views

 

 

Alert

 

CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems

 

Release DateFebruary 25, 2026

 

The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking (SD-WAN) systems, including Federal Civilian Executive Branch (FCEB) agencies, to address ongoing exploitation of multiple vulnerabilities. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20127 and CVE-2022-20775 to its Known Exploited Vulnerabilities (KEV) Catalog on Feb. 25, 2026. As a result of the malicious cyber activity and vulnerabilities involving Cisco SD-WAN systems, CISA has outlined requirements for FCEB agencies in Emergency Directive (ED) 26-03 to inventory Cisco SD-WAN systems, update them, and assess compromise.

 

CISA and partners have observed malicious cyber actors targeting and compromising Cisco SD-WAN systems of organizations, globally. These actors have been observed exploiting a previously undisclosed authentication bypass vulnerability, CVE-2026-20127, for initial access before escalating privileges using CVE-2022-20775 and establishing long-term persistence in Cisco SD-WAN systems.

 

CISA, National Security Agency (NSA), and international partners Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (Cyber Centre), New Zealand National Cyber Security Centre (NCSC-NZ), and United Kingdom National Cyber Security Centre (NCSC-UK), hereafter the “authoring organizations,” strongly urge network defenders to immediately 1) inventory all in-scope Cisco SD-WAN systems, 2) collect artifacts, including virtual snapshots and logs off of SD-WAN systems to support threat hunt activities, 3) fully patch Cisco SD-WAN systems with available updates, 4) hunt for evidence of compromise, and 5) concurrently review Cisco’s latest security advisories, Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability and Cisco Catalyst SD-WAN Vulnerabilities, and implement Cisco’s SD-WAN Hardening Guidance.1

 

To address malicious activity involving vulnerable Cisco SD-WAN systems, CISA issued Emergency Directive 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems, which outlines requirements for FCEB agencies to inventory Cisco SD-WAN systems, update them, and assess compromise. Further, CISA released Supplemental Direction ED 26-03: Hunt and Hardening Guidance for Cisco SD-WAN Systems to provide prescriptive actions for FCEB agencies.

 

Cisco’s Catalyst SD-WAN Hardening Guide recommends that network defenders address:

 

Network perimeter controls: Ensure control components are behind a firewall, isolate virtual private network (VPN) 512 interfaces, and use internet protocol (IP) blocks for manually provisioned edge IPs.

SD-WAN manager access: Replace the self-signed certificate for the web user interface.

Control and data plane security: Use pairwise keys.

Session timeout: Limit to the shortest period possible.

Logging: Forward to a remote syslog server.

CISA and the authoring organizations are providing the following resources: 

 

CISA: Emergency Directive 26-03: Mitigate Vulnerabilities in Cisco SD-WAN Systems

CISA: Supplemental Direction ED 26-03: Hunt and Hardening Guidance for Cisco SD-WAN Systems

Cisco: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

Cisco: Cisco Catalyst SD-WAN Vulnerabilities

Cisco: Cisco Catalyst SD-WAN Hardening Guide

ASD’s ACSC: Cisco SD-WAN Threat Hunt Guide, co-sealed by CISA, NSA, Cyber Centre, NCSC-NZ, and NCSC-UK. This guide, based on investigative data, supports network defenders’ detection of and response to the malicious actors’ threat activity

Anonymous ID: c7f23c Feb. 25, 2026, 2:49 p.m. No.24308298   🗄️.is đź”—kun   >>8341 >>8435 >>8803 >>8882

https://x.com/TravelGov/status/2026775337171140878

 

Feb. 25 Update: All restrictions on U.S. government staff in Mexico have been lifted.

 

The U.S. Embassy and all consulates in Mexico are operating normally. While flight schedules have returned to normal, if your direct flight to the United States is cancelled, you might consider booking a connecting flight through another Mexican or U.S. city. We have no reports of road closures directed by local authorities. U.S. citizens in Mexico should resume standard levels of precaution. See our travel advisory for Mexico at http://travel.state.gov/mexico for more information. https://mx.usembassy.gov/security-alert-final-update-ongoing-security-operations-u-s-mission-mexico-february-25-2026/

 

4:44 PM · Feb 25, 2026

·

11.6K Views