CISA Flags Two Actively Exploited Vulnerabilities in Latest KEV Update

Source: CISA Cybersecurity Advisories

CISA has added CVE-2022-20775 and CVE-2024-21412 to its Known Exploited Vulnerabilities (KEV) Catalog on the basis of confirmed in-the-wild exploitation.

CISA Adds Two Actively Exploited Vulnerabilities to the KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with two new vulnerabilities after confirming their active exploitation in the wild. Federal agencies and private organizations are urged to prioritize patching these flaws to mitigate ongoing threats.

Technical Details

The newly added vulnerabilities include:

  1. CVE-2022-20775 – A path traversal vulnerability in Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage) that could allow unauthenticated attackers to access sensitive files on affected systems. The flaw affects:

    • Cisco SD-WAN vManage Software versions 20.6.3.3 and earlier
    • Cisco SD-WAN vManage Software versions 20.6.4 and 20.6.5

    Exploitation requires network access to the vulnerable device. A successful attack could expose sensitive data on the manager and give the attacker a foothold for further compromise.

  2. CVE-2024-21412 – A Microsoft Windows Internet Shortcut Files Security Feature Bypass vulnerability that lets an attacker suppress the Microsoft Defender SmartScreen warning normally shown before a downloaded file is opened. The flaw stems from improper handling of Internet Shortcut (.url) files and has been exploited in phishing campaigns to deliver malware.
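The following Python is an added illustration of the path traversal class described for CVE-2022-20775 above. It is not Cisco's code and says nothing about how vManage is implemented; it contrasts a naive file-serving routine with a hardened one that canonicalizes the requested path and checks containment. The directory layout and request paths are constructed for the example.

```python
"""Path traversal: naive file serving beside a hardened version.

Added illustration of the vulnerability class, not Cisco's code. The
directory layout and request paths are constructed for the example.
"""
import os
import tempfile
from pathlib import Path


def is_within(base_dir: str, user_path: str) -> bool:
    """Canonicalize (symlinks, '..', '.') and require the target to stay under base_dir.

    commonpath, unlike a string-prefix check, also rejects '/srv/wwwroot'
    when the base is '/srv/www', and absolute user paths such as '/etc/passwd'.
    """
    base = Path(base_dir).resolve()
    target = (base / user_path).resolve()
    return os.path.commonpath([str(base), str(target)]) == str(base)


def read_file_vulnerable(base_dir: str, user_path: str) -> bytes:
    """Vulnerable pattern: joining attacker-controlled input under a base directory.

    '../' segments in user_path walk out of base_dir and read any file the
    service account can open.
    """
    with open(os.path.join(base_dir, user_path), "rb") as fh:
        return fh.read()


def read_file_hardened(base_dir: str, user_path: str) -> bytes:
    """Hardened pattern: refuse anything whose canonical path leaves base_dir."""
    if not is_within(base_dir, user_path):
        raise PermissionError(f"path escapes {base_dir}: {user_path!r}")
    with open(Path(base_dir).resolve() / user_path, "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Build a constructed directory tree and exercise both routines; returns the outcomes."""
    root = Path(tempfile.mkdtemp())
    public = root / "public"
    public.mkdir()
    (public / "index.html").write_text("hello")
    (root / "secret.txt").write_text("db password")  # outside the served directory

    outcomes = {
        "normal": read_file_hardened(str(public), "index.html"),
        "vulnerable_leak": read_file_vulnerable(str(public), "../secret.txt"),
    }
    try:
        read_file_hardened(str(public), "../secret.txt")
        outcomes["hardened_blocked"] = False
    except PermissionError:
        outcomes["hardened_blocked"] = True
    return outcomes


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The containment check resolves both sides before comparing, so symlinks inside the served directory that point outside it are caught as well; a check done on the raw string before resolution would miss them.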

Impact Analysis

  • CVE-2022-20775 poses a significant risk to enterprises running Cisco SD-WAN, particularly where the management plane is not segmented from general network access. Files read from the SD-WAN manager could give an attacker the material needed to escalate privileges or move laterally within the network.

  • CVE-2024-21412 lowers the bar for social engineering: a victim who opens a crafted shortcut can end up executing a malicious payload without seeing the SmartScreen warning that would normally appear. The vulnerability has been linked to recent DarkGate malware campaigns.

Recommendations

  • Patch Immediately: Federal civilian executive branch agencies covered by CISA’s Binding Operational Directive (BOD) 22-01 must remediate these vulnerabilities by March 18, 2026. Private organizations should prioritize the same updates within their vulnerability management programs.

  • Cisco Users: Upgrade Cisco SD-WAN vManage Software to release 20.6.6 or later to fix CVE-2022-20775. Restrict access to the vManage management interface to trusted administrative networks.

  • Microsoft Users: Apply the current Windows security updates, which address CVE-2024-21412. Educate users on the risks of opening untrusted Internet Shortcut (.url) files received by email or downloaded from the web.

  • Monitor for Exploitation: Use endpoint detection and response (EDR) tooling to look for signs of compromise, such as unusual file access on SD-WAN manager hosts or unexpected process execution after a shortcut file is opened.
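The EDR monitoring above can be complemented with a cheap static triage of .url attachments. The following Python is an added example, not tooling from CISA or Microsoft: it parses the INI-style [InternetShortcut] section of a .url file and flags targets that reference a remote file share or another shortcut or executable rather than an http(s) page. Keying on that shape as the indicator, the list of flagged extensions, and the two sample files are assumptions constructed for the example.

```python
"""Static triage of Windows Internet Shortcut (.url) files.

Added example, not CISA's or Microsoft's tooling. A benign .url file points
at an http(s) site; this heuristic flags files whose URL=, IconFile= or
WorkingDirectory= references a remote file share (file:// with a host, or a
UNC path) or whose target is another shortcut or an executable (assumption:
that is the indicator worth keying on). Sample files are constructed.
"""
import configparser
import re
from urllib.parse import urlparse

REMOTE_KEYS = ("URL", "IconFile", "WorkingDirectory")
# Extensions a legitimate web bookmark has no reason to target (assumed list).
RISKY_TARGET_EXT = (".url", ".lnk", ".exe", ".msi", ".vbs", ".js", ".hta")
UNC_RE = re.compile(r"^\\\\[^\\]+\\")  # \\host\share...


def parse_url_file(text: str) -> dict:
    """Return the [InternetShortcut] keys of a .url file as a dict (key case kept)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep 'IconFile' etc. readable instead of lower-casing
    cp.read_string(text)
    if not cp.has_section("InternetShortcut"):
        raise ValueError("not an Internet Shortcut: [InternetShortcut] section missing")
    return dict(cp["InternetShortcut"])


def references_remote_file(value: str) -> bool:
    """True for a UNC path or a file:// URL that names a host (remote SMB/WebDAV share)."""
    if UNC_RE.match(value):
        return True
    parsed = urlparse(value)
    return parsed.scheme.lower() == "file" and bool(parsed.netloc)


def triage(text: str) -> list:
    """Return the reasons a .url file looks suspicious; an empty list means nothing flagged."""
    fields = parse_url_file(text)
    reasons = []
    for key in REMOTE_KEYS:
        value = fields.get(key, "")
        if references_remote_file(value):
            reasons.append(f"{key} references a remote file share: {value}")
    target = fields.get("URL", "")
    if urlparse(target).path.lower().endswith(RISKY_TARGET_EXT):
        reasons.append(f"URL targets a shortcut or executable rather than a web page: {target}")
    return reasons


# Constructed samples: a normal bookmark and a lure shaped like a chained shortcut
# that pulls a second .url from a remote share.
BENIGN_URL_FILE = """[InternetShortcut]
URL=https://www.cisa.gov/known-exploited-vulnerabilities-catalog
IconIndex=0
"""

LURE_URL_FILE = """[InternetShortcut]
URL=file://203.0.113.10/share/invoice.url
IconFile=\\\\203.0.113.10\\share\\icon.ico
IconIndex=1
"""


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_URL_FILE), ("lure", LURE_URL_FILE)):
        print(label, triage(sample) or ["clean"])
```

Run it over quarantined mail attachments or a download directory; anything with a non-empty reason list is worth a closer look, and a hit on IconFile= alone is notable because a remote icon path is enough to make Explorer reach out to the attacker's share when the file is merely displayed.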

For further details, refer to CISA’s official alert.