The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with a fresh batch of security flaws affecting widely deployed enterprise and consumer technologies, including products from Cisco, Arista Networks, and Google.
According to Security Affairs, the latest additions cover vulnerabilities in Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google's Chromium V8 JavaScript engine.
Why KEV Inclusion Matters
The KEV catalog is not merely an advisory list. CISA maintains it as a living record of vulnerabilities for which there is confirmed, active exploitation in the wild. Under Binding Operational Directive 22-01, U.S. federal civilian agencies are required to remediate cataloged flaws within specified timeframes. Beyond that mandate, the catalog serves as a critical prioritization signal for the broader security community: private enterprises, managed service providers, and individual administrators alike routinely use it to triage patching schedules.
When a vulnerability lands in the KEV catalog, it means threat actors are not waiting. The flaws are being weaponized in real-world attacks, which transforms patching from a routine maintenance task into an urgent defensive action.
Scope of the Affected Products
The technologies in this update span networking infrastructure, data center switching, and the browser ecosystem — underscoring the breadth of the threat landscape:
- Cisco Catalyst SD-WAN is a cornerstone of enterprise wide-area networking, deployed by organizations worldwide to manage distributed infrastructure. Exploitable flaws in its management plane or control plane could give attackers a foothold across entire corporate networks.
- Arista EOS powers switching infrastructure in many large-scale data center and cloud environments, including some of the world's busiest networks. Vulnerabilities in this platform carry significant lateral-movement risk.
- Google Chromium V8 — the high-performance JavaScript and WebAssembly engine at the heart of Chrome, Edge, Opera, and numerous other browsers — represents an attack surface that reaches billions of endpoints. V8 flaws are a perennial favorite among both state-sponsored actors and commercial exploit developers.
What Administrators Should Do
Organizations running any of these products should treat the KEV update as a call to immediate action. The recommended steps include:
- Identify exposure — inventory all instances of the affected software and firmware versions across your environment.
- Apply vendor patches — consult the specific CVE entries in the KEV catalog for links to vendor advisories and remediation guidance.
- Monitor for indicators of compromise — given confirmed exploitation, defenders should review logs and network telemetry for signs that these vulnerabilities have already been leveraged against their infrastructure.
- Revisit patch prioritization — if these products were previously deprioritized on patching schedules, this update provides compelling evidence to move them forward.
The full details, including specific CVE identifiers and remediation deadlines, are available on CISA's KEV catalog website. Security teams are advised to consult the entries directly for version-specific guidance.
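One way to carry out the "identify exposure" and "revisit patch prioritization" steps above, as an added example that is not from CISA or the original article: join an asset inventory against KEV entries and rank the matches by remediation deadline. The field names (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`) follow CISA's public KEV JSON feed; the CVE IDs, dates, and hostnames are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. Field names follow the
# public feed; the CVE IDs and dates are placeholders, not real catalog entries.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
 {"cveID": "CVE-0000-00001", "vendorProject": "Cisco", "product": "Catalyst SD-WAN",
  "dateAdded": "2030-01-10", "dueDate": "2030-01-31"},
 {"cveID": "CVE-0000-00002", "vendorProject": "Arista", "product": "EOS",
  "dateAdded": "2030-01-10", "dueDate": "2030-01-31"},
 {"cveID": "CVE-0000-00003", "vendorProject": "Google", "product": "Chromium V8",
  "dateAdded": "2030-01-20", "dueDate": "2030-02-10"}
]}
""")

# Constructed asset inventory; hostnames and the last vendor are hypothetical.
INVENTORY = [
    {"host": "wan-edge-01", "vendor": "cisco", "product": "Catalyst  SD-WAN"},
    {"host": "dc-leaf-07", "vendor": "Arista", "product": "EOS"},
    {"host": "kiosk-12", "vendor": "Google", "product": "Chromium V8"},
    {"host": "print-03", "vendor": "ExampleCorp", "product": "PrintServer"},
]

def _norm(text):
    """Case- and whitespace-insensitive key so 'cisco' matches 'Cisco'."""
    return " ".join(text.lower().split())

def triage(kev, inventory, today):
    """Join inventory to KEV entries by vendor/product; most urgent first."""
    index = {}
    for vuln in kev["vulnerabilities"]:
        key = (_norm(vuln["vendorProject"]), _norm(vuln["product"]))
        index.setdefault(key, []).append(vuln)
    findings = []
    for asset in inventory:
        key = (_norm(asset["vendor"]), _norm(asset["product"]))
        for vuln in index.get(key, []):
            days_left = (date.fromisoformat(vuln["dueDate"]) - today).days
            findings.append({"host": asset["host"], "cve": vuln["cveID"],
                             "days_left": days_left,
                             "status": "OVERDUE" if days_left < 0 else "DUE"})
    return sorted(findings, key=lambda f: (f["days_left"], f["host"]))

if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, INVENTORY, date(2030, 2, 3)):
        print(f"{f['status']:8}{f['days_left']:>4}d  {f['host']:12} {f['cve']}")
```

Exact vendor/product string matching is an assumption that real inventories rarely satisfy, so map your CMDB names to the catalog's names first. The catalog does not say which versions are affected; confirm that in the vendor advisory linked from each entry.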
