CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling active exploitation in the wild. The agency confirmed attackers are currently targeting flaws in Cisco, Google Chrome, and Arista Networks products.

CVE-2024-20245 affects Cisco Catalyst SD-WAN Manager with a CVSS score of 7.8. This improper encoding vulnerability in the output handling allows attackers to conduct cross-site scripting attacks. SD-WAN Manager controls software-defined wide area network traffic for enterprises, making it a high-value target for threat actors seeking network access and lateral movement.

Chrome and Arista products also appear on the latest KEV additions, though specific CVE identifiers and attack vectors require verification. Chrome vulnerabilities in particular command attention due to the browser's ubiquity across consumer and enterprise environments. Any flaw with active exploitation poses immediate risk to millions of users.

CISA's KEV catalog serves as a living record of vulnerabilities exploited by threat actors in active campaigns. Inclusion signals that patches exist and organizations must prioritize deployment. The agency uses this list to guide federal agencies on patching timelines, typically requiring fixes within 6 to 30 days depending on severity.

Organizations running Cisco Catalyst SD-WAN Manager should patch immediately. The vulnerability carries remote code execution potential through stored or reflected XSS attacks if proper input validation fails. Attackers can inject malicious scripts into network management interfaces, compromising the systems that control critical WAN infrastructure.

Enterprise security teams managing Chrome deployments should apply available patches across all endpoints. Arista customers operating network switches and routing equipment in data centers should review advisories specific to their product versions.

The timing matters here. CISA publicizing these flaws indicates threat actors have moved beyond proof-of-concept stages into operational attacks.
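To turn KEV additions like these into a patch queue, the sketch below (an added example, not CISA or vendor code) matches catalog entries against an asset inventory and orders the hits by days remaining until the catalog due date. The field names follow the KEV JSON feed; the dates, hostnames, inventory layout and the PLACEHOLDER identifiers are constructed assumptions, since this page gives no CVE numbers for the Chrome and Arista entries.

```python
import json
from datetime import date

# Constructed sample shaped like the KEV JSON feed. All dates are invented and
# the PLACEHOLDER values stand in for identifiers this page does not give.
KEV_JSON = """
{"vulnerabilities": [
 {"cveID": "CVE-2024-20245", "vendorProject": "Cisco", "product": "Catalyst SD-WAN Manager",
  "dateAdded": "2030-01-06", "dueDate": "2030-01-27"},
 {"cveID": "CVE-PLACEHOLDER-CHROME", "vendorProject": "Google", "product": "Chrome",
  "dateAdded": "2030-01-06", "dueDate": "2030-01-15"},
 {"cveID": "CVE-PLACEHOLDER-ARISTA", "vendorProject": "Arista", "product": "PLACEHOLDER-PRODUCT",
  "dateAdded": "2030-01-06", "dueDate": "2030-01-27"}
]}
"""

# Hypothetical asset inventory; hostnames and record layout are assumptions.
INVENTORY = [
    {"host": "sdwan-mgr-01", "vendor": "cisco", "product": "catalyst  sd-wan manager"},
    {"host": "kiosk-17", "vendor": "Google", "product": "chrome"},
    {"host": "fw-edge-02", "vendor": "cisco", "product": "asa"},
]

def norm(s):
    # Case- and whitespace-insensitive comparison; real inventories usually
    # need a vendor/product alias table on top of this.
    return " ".join(s.lower().split())

def triage(kev_json, inventory, today):
    """Return affected assets, most urgent (fewest days left) first."""
    findings = []
    for vuln in json.loads(kev_json)["vulnerabilities"]:
        due = date.fromisoformat(vuln["dueDate"])
        for asset in inventory:
            if (norm(asset["vendor"]) != norm(vuln["vendorProject"])
                    or norm(asset["product"]) != norm(vuln["product"])):
                continue
            findings.append({
                "host": asset["host"], "cve": vuln["cveID"],
                "due": due, "days_left": (due - today).days,
                "overdue": due < today,
            })
    return sorted(findings, key=lambda f: (f["days_left"], f["host"]))

if __name__ == "__main__":
    for f in triage(KEV_JSON, INVENTORY, date(2030, 1, 20)):
        status = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['host']:<14} {f['cve']:<24} due {f['due']} ({status})")
```

Exact vendor and product matching keeps false positives low but misses assets recorded under a different name, so unmatched KEV entries still deserve a manual look.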