Back

CISA Identifies Critical Vulnerabilities in Cisco, Chrome, and Arista Products

Severity: High (Score: 69.9)

Sources: Feeds.4Sysops, Thehackernews

Published: 2026-06-10 · Updated: 2026-06-10

Keywords: flaws, cisco, cisa, exploited, chrome, arista, catalog

Severity indicators: flaw

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities affect Cisco Catalyst SD-WAN Manager, Google Chrome's V8 engine, and Arista Extensible Operating System. Federal agencies are required to implement necessary remediations or mitigations by June 23, 2026, to safeguard against active exploitation. The vulnerabilities are being actively exploited, highlighting the urgency for organizations to address these issues promptly. Specific CVEs have not been disclosed in the articles, but the affected systems are critical for many federal operations. The announcement emphasizes the importance of immediate action to prevent potential breaches. Key Points: • CISA has added vulnerabilities in Cisco, Chrome, and Arista products to its KEV catalog. • Federal agencies must implement remediations by June 23, 2026, to mitigate risks. • Active exploitation of these vulnerabilities has been confirmed, necessitating urgent action.

Detailed Analysis

**Impact** Federal agencies and organizations using Cisco Catalyst SD-WAN Manager, Google Chrome's V8 engine, and Arista Extensible Operating System are affected. The vulnerabilities are actively exploited, posing risks of unauthorized access or disruption. The scope includes critical infrastructure sectors reliant on these products, with potential operational and data compromise if unmitigated. The deadline for remediation is June 23, 2026. **Technical Details** The exploited flaws involve Cisco Catalyst SD-WAN Manager, Google Chrome V8 engine, and Arista EOS, though specific CVEs and malware/tools are not detailed. Attack vectors likely include remote exploitation via network or browser-based attacks targeting these components. The kill chain stage corresponds to exploitation and initial access. No IOCs or detailed TTPs are provided in the sources. **Recommended Response** Apply all available patches or mitigations for the affected Cisco, Chrome, and Arista products immediately, prioritizing federal agency environments. Confirm remediation before the June 23, 2026 deadline. Monitor network and endpoint logs for unusual activity related to these products. In absence of detailed IOCs, maintain heightened vigilance for exploitation attempts targeting these systems.

Source articles (2)

  • CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation — Thehackernews · 2026-06-10
    Learn how to map hidden AI tools and agents directly to human owners. Join SailPoint to unify human, machine, and AI identities. Learn how to validate automated pentesting results for accurate securit…
  • CISA warns of exploited flaws in Cisco, Chrome, and Arista products — Feeds.4Sysops · 2026-06-10
    The Cybersecurity and Infrastructure Security Agency has expanded its Known Exploited Vulnerabilities catalog to include three new security flaws. These vulnerabilities affect Cisco Catalyst SD-WAN Ma…

Timeline

  • 2026-06-10 — CISA adds vulnerabilities to KEV catalog: CISA expands its KEV catalog to include flaws in Cisco, Chrome, and Arista products, urging immediate action.
  • 2026-06-10 — Federal agencies notified of active exploitation: CISA warns that the newly identified vulnerabilities are actively being exploited, requiring urgent remediation.

Related entities

  • Arista (Company)
  • Cisco (Company)
  • Arista Extensible Operating System (Platform)
  • Cisco Catalyst Sd-wan Manager (Platform)
  • Chrome (Tool)
  • Google Chrome (Tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed