CISA Flags Critical Vulnerabilities in Cisco Catalyst SD‑WAN, Arista EOS, and Google Chromium V8
What Happened – The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three actively exploited flaws – CVE‑2026‑20245 (Cisco Catalyst SD‑WAN Manager), CVE‑2026‑7473 (Arista Extensible Operating System), and CVE‑2026‑11645 (Google Chromium V8) – to its Known Exploited Vulnerabilities (KEV) catalog. The Cisco bug lets a local, authenticated user escalate to root, the Arista bug lets crafted packets bypass tunnel‑decapsulation checks, and the Chromium V8 flaw is an out‑of‑bounds memory access that can lead to remote code execution.
Why It Matters for TPRM
- These vulnerabilities affect core networking and browser components that third‑party vendors embed in customer environments.
- Active exploitation raises the likelihood of supply‑chain compromise or lateral movement through a vendor’s infrastructure.
- No patches or work‑arounds are currently available, increasing exposure for organizations that rely on these products.
Who Is Affected – Enterprises running Cisco Catalyst SD‑WAN Manager, Arista EOS switches, or software built on Chromium or its V8 engine: Chromium‑based browsers such as Chrome and Edge, and applications that embed the Chromium runtime (for example Electron‑based desktop apps).
Recommended Actions –
- Validate that your vendors have a remediation timeline for the three CVEs.
- Implement compensating controls: restrict management‑plane and local‑account access to SD‑WAN Manager (the Cisco flaw requires an authenticated local user), segment network‑infrastructure devices from user and vendor networks, tighten credential hygiene, and keep browser sandboxing and auto‑update enabled.
- Monitor CISA KEV updates and threat‑intel feeds for exploitation indicators.
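Monitoring the KEV catalog by hand does not scale, so the following added example (not code from the article or from CISA) shows how to match KEV entries against a third‑party asset inventory and compute how many days remain before each CISA due date. The JSON layout mirrors the field names of the public KEV feed (known_exploited_vulnerabilities.json); the sample entries below are constructed for illustration, taking only the three CVE IDs from this report, and the dates, the product strings and the inventory are assumptions rather than published data. The feed URL is the real one, but the script does not fetch it so that it runs offline.

```python
"""Match CISA KEV catalog entries against a vendor/product inventory.

Added example; not from the original article. The entry layout mirrors
the KEV feed schema (cveID, vendorProject, product, dateAdded, dueDate, ...).
Every entry below is CONSTRUCTED: the CVE IDs come from the report, the
dates and product strings are illustrative placeholders.
"""
import json
from datetime import date

# Real feed location; a production run would replace SAMPLE_KEV_JSON with
# the text downloaded from here.
KEV_FEED_URL = ("https://www.cisa.gov/sites/default/files/feeds/"
                "known_exploited_vulnerabilities.json")

# Constructed sample in the feed's schema (dates are NOT the real ones).
SAMPLE_KEV_JSON = json.dumps({
    "catalogVersion": "sample",
    "vulnerabilities": [
        {"cveID": "CVE-2026-20245", "vendorProject": "Cisco",
         "product": "Catalyst SD-WAN Manager",
         "dateAdded": "2026-03-01", "dueDate": "2026-03-22"},
        {"cveID": "CVE-2026-7473", "vendorProject": "Arista",
         "product": "EOS",
         "dateAdded": "2026-03-01", "dueDate": "2026-03-22"},
        {"cveID": "CVE-2026-11645", "vendorProject": "Google",
         "product": "Chromium V8",
         "dateAdded": "2026-03-01", "dueDate": "2026-03-15"},
    ],
})

# Constructed third-party inventory: which vendor-supplied products are in
# scope and which external party owns remediation for each.
INVENTORY = [
    {"vendor": "Cisco", "product": "SD-WAN Manager", "owner": "WAN managed-service provider"},
    {"vendor": "Google", "product": "Chromium", "owner": "Endpoint software vendor"},
]


def load_kev(feed_text):
    """Parse the KEV feed text and return its 'vulnerabilities' list."""
    return json.loads(feed_text)["vulnerabilities"]


def _matches(entry, asset):
    """Case-insensitive substring match on both vendor and product."""
    vendor_ok = asset["vendor"].lower() in entry["vendorProject"].lower()
    product_ok = asset["product"].lower() in entry["product"].lower()
    return vendor_ok and product_ok


def match_inventory(entries, inventory, today):
    """One row per (KEV entry, asset) pair that matches, soonest due date first."""
    rows = []
    for entry in entries:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if _matches(entry, asset):
                rows.append({
                    "cveID": entry["cveID"],
                    "vendor": entry["vendorProject"],
                    "product": entry["product"],
                    "owner": asset["owner"],
                    "dueDate": entry["dueDate"],
                    "daysLeft": (due - today).days,  # negative: past CISA due date
                })
    return sorted(rows, key=lambda r: r["daysLeft"])


def new_entries(entries, seen_ids):
    """CVE IDs not seen on the previous run; persist the union for next time."""
    return sorted(e["cveID"] for e in entries if e["cveID"] not in seen_ids)


def report(feed_text, inventory, today_iso):
    """Convenience wrapper: parse the feed and evaluate it as of an ISO date."""
    return match_inventory(load_kev(feed_text), inventory, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for row in report(SAMPLE_KEV_JSON, INVENTORY, "2026-03-10"):
        print(f'{row["cveID"]:16} {row["vendor"]}/{row["product"]:24} '
              f'owner={row["owner"]!r} due={row["dueDate"]} ({row["daysLeft"]:+d} days)')
```

The Arista entry produces no row because the sample inventory holds no Arista asset, which is the point of the exercise: the output is the list of vendor‑owned products you must actually chase, ordered by how close CISA's remediation deadline is. Feed `new_entries` the set of IDs from the previous run to get an alert list for additions only.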
Technical Notes –
- CVE‑2026‑20245: Improper output encoding in Cisco Catalyst SD‑WAN Manager; a local, authenticated attacker can execute commands as root.
- CVE‑2026‑7473: Incomplete comparison in Arista EOS tunnel decapsulation; malicious packets can bypass protocol checks.
- CVE‑2026‑11645: Out‑of‑bounds read/write in the Chromium V8 JavaScript engine; enables denial of service, privilege escalation, or remote code execution. Code execution from a V8 bug lands in the renderer process, so full host compromise typically requires chaining it with a separate sandbox escape.
Source: SecurityAffairs