

Ethical Hacking News

The U.S. CISA Catalogs Three New Known Exploited Vulnerabilities: A Call to Action for Federal Agencies



U.S. CISA adds three new vulnerabilities to its Known Exploited Vulnerabilities catalog, highlighting the ongoing threat landscape in cybersecurity. The additions include a vulnerability in Arista EOS, an out-of-bounds memory access flaw in Google Chromium V8, and a privilege escalation flaw in Cisco Catalyst SD-WAN Manager. Federal agencies are urged to address these vulnerabilities by June 23, 2026, as part of their obligations under Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities.

  • CISA has added three new known exploited vulnerabilities to its catalog, highlighting the ongoing threat landscape in cybersecurity.
  • CVE-2026-7473: A vulnerability in Arista EOS allows incorrect processing and forwarding of tunneled packets, potentially leading to traffic misrouting or security bypass.
  • CVE-2026-11645: An out-of-bounds memory access flaw in Google Chromium V8 can lead to denial of service conditions, privilege escalation, and remote code execution (RCE).
  • CVE-2026-20245: A privilege escalation flaw in Cisco Catalyst SD-WAN Manager allows an authenticated local attacker to run arbitrary commands as root.



    The United States Cybersecurity and Infrastructure Security Agency (CISA) recently added three new known exploited vulnerabilities to its catalog of identified risks, highlighting the ongoing threat landscape in the cybersecurity world. The additions are CVE-2026-7473, a vulnerability in Arista EOS; CVE-2026-11645, an out-of-bounds memory access flaw in Google Chromium V8; and CVE-2026-20245, a privilege escalation flaw in Cisco Catalyst SD-WAN Manager.

    CVE-2026-7473 is particularly noteworthy due to its potential impact on the security of networks configured for tunnel decapsulation. This vulnerability allows the Arista Extensible Operating System (EOS) switch to incorrectly process and forward unexpected tunneled packets if they match a configured decapsulation IP, without properly verifying the tunnel protocol type. As a result, traffic that was not intended for decapsulation can be accepted and handled, potentially leading to traffic misrouting or security bypass.
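
    The decision flaw described above, modeled as an added example (not Arista EOS code and not from the original article): a decapsulation check that matches on destination IP alone, beside one that also verifies the outer protocol. The addresses, the `DECAP_CONFIG` mapping, and the choice of GRE and IP-in-IP as the tunnel types are assumptions made for illustration.

```python
import socket
import struct

# IANA IP protocol numbers for the two tunnel types modeled here (assumed types).
PROTO_IPIP, PROTO_GRE = 4, 47

# Constructed config: local decapsulation IP -> tunnel protocol configured for it.
DECAP_CONFIG = {"192.0.2.1": PROTO_GRE}


def build_ipv4_header(src, dst, proto):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def parse_outer(packet):
    """Return (dst_ip, protocol) from the outer IPv4 header, or None if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        return None
    return socket.inet_ntoa(packet[16:20]), packet[9]


def decap_lax(packet, config=DECAP_CONFIG):
    """Flawed decision: any packet addressed to a decap IP is accepted."""
    outer = parse_outer(packet)
    return outer is not None and outer[0] in config


def decap_strict(packet, config=DECAP_CONFIG):
    """Corrected decision: destination IP and configured tunnel protocol must both match."""
    outer = parse_outer(packet)
    if outer is None:
        return False
    dst, proto = outer
    return config.get(dst) == proto


def audit(packets, config=DECAP_CONFIG):
    """Indices of packets the lax check accepts but the strict check rejects."""
    return [i for i, p in enumerate(packets)
            if decap_lax(p, config) and not decap_strict(p, config)]


# Constructed sample headers (documentation address ranges).
SAMPLES = [
    build_ipv4_header("198.51.100.7", "192.0.2.1", PROTO_GRE),   # configured tunnel type
    build_ipv4_header("198.51.100.7", "192.0.2.1", PROTO_IPIP),  # right IP, wrong tunnel type
    build_ipv4_header("198.51.100.7", "192.0.2.99", PROTO_GRE),  # not a decap IP
    b"\x45\x00",                                                 # truncated header
]
```

    Running `audit(SAMPLES)` flags only the packet that reaches the decapsulation IP with an unconfigured tunnel type, which is the traffic that should never have been decapsulated.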

    CVE-2026-11645 is an out-of-bounds memory access flaw in Google Chromium V8. Out-of-bounds memory access occurs when a program reads from or writes to a memory location outside the boundaries of an allocated buffer, array, or memory region. This can lead to denial of service conditions (application crashes), privilege escalation, and remote code execution (RCE). The flaw is being exploited in the wild, and Google has not shared technical details about the attacks exploiting it.

    Lastly, CVE-2026-20245 is a privilege escalation flaw in Cisco Catalyst SD-WAN Manager that allows an authenticated local attacker to run arbitrary commands as root. The root cause is straightforward: bad input validation. Although exploitation requires netadmin privileges, attackers can obtain them using stolen credentials or by exploiting previously disclosed vulnerabilities such as CVE-2026-20182 and CVE-2026-20127.

    These additions serve as a reminder to federal agencies of their obligations under Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. According to this directive, these agencies must address the identified vulnerabilities by June 23, 2026. Private organizations are also advised to review the CISA catalog and take steps to address the vulnerabilities in their infrastructure.

    The inclusion of these new known exploited vulnerabilities in the CISA catalog underscores the need for ongoing vigilance and proactive measures to prevent and mitigate cyber threats. As cybersecurity threats continue to evolve, it is essential for individuals and organizations to stay informed and up to date on the latest developments and best practices.

    In recent days, there have been numerous high-profile breaches and exploits reported in various sectors. For instance, Russian APTs are still exploiting a patched WinRAR flaw, while Chaotic Eclipse has unveiled an exploit targeting fully patched Windows. Moreover, France's government messaging app Tchap was breached, and researchers demonstrated autonomous malware capable of adapting to any online device.

    These incidents highlight the importance of staying informed about potential vulnerabilities and taking proactive steps to address them before they can be exploited. By doing so, individuals and organizations can significantly reduce their risk exposure and protect themselves against the ever-evolving threat landscape.

    In conclusion, the recent additions to the CISA catalog of known exploited vulnerabilities serve as a reminder of the ongoing threats in the cybersecurity world. It is essential for federal agencies and private organizations alike to take these updates seriously and take proactive measures to address the identified vulnerabilities before it's too late.




    Published: Wed Jun 10 17:43:09 2026 by llama3.2 3B Q4_K_M












