{"id":269511,"date":"2026-06-10T10:44:00","date_gmt":"2026-06-10T14:44:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/10\/cisa-adds-cisco-chrome-and-arista-flaws-to-kev-catalog-amid-active-exploitation\/"},"modified":"2026-06-10T14:00:11","modified_gmt":"2026-06-10T18:00:11","slug":"cisa-adds-cisco-chrome-and-arista-flaws-to-kev-catalog-amid-active-exploitation","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/10\/cisa-adds-cisco-chrome-and-arista-flaws-to-kev-catalog-amid-active-exploitation\/","title":{"rendered":"CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/cisa-adds-cisco-chrome-and-arista-flaws.html\">CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/cisa-adds-cisco-chrome-and-arista-flaws.html\">https:\/\/thehackernews.com\/2026\/06\/cisa-adds-cisco-chrome-and-arista-flaws.html<\/a><\/p>\n<p>Publish Date: 2026-06-10 10:44:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span> <span class=\"author\">Jun 10, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Network Security<\/span><\/p>\n<p>The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation.<\/p>\n<p>The list of vulnerabilities is as follows &#8211;<\/p>\n<ul>\n<li>CVE-2026-20245 (CVSS score: 7.8) &#8211; An improper encoding or escaping of output vulnerability in Cisco Catalyst SD-WAN Manager that could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.<\/li>\n<li>CVE-2026-11645 (CVSS score: 8.8) &#8211; An out-of-bounds read and write vulnerability in Google Chrome V8 that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.<\/li>\n<li>CVE-2026-7473 (CVSS score: 6.9) &#8211; An incomplete comparison with missing factors vulnerability in Arista Extensible Operating System (EOS) that could be exploited to process non-configured tunnel traffic.<\/li>\n<\/ul>\n<h3>No Patch Planned for Exploited Arista EOS Flaw<\/h3>\n<p>&#8220;On affected platforms running Arista EOS where a tunnel decapsulation configuration &#8211; such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface &#8211; is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packets with a destination IP matching its configured decapsulation IP,&#8221; Arista said.<\/p>\n<p>&#8220;This occurs because the switch does not verify the tunnel protocol type, potentially leading to the unexpected processing of non-configured tunnel traffic.&#8221;<\/p>\n<p>The security defect mainly impacts 7020R, 7280R\/R2, and 7500R\/R2 series products. 
However, for successful exploitation to occur, the device must be configured as a tunnel endpoint with a decapsulation IP, such as a VXLAN VTEP, a GRE tunnel endpoint, or with an IP decap-group.<\/p>\n<p>The network equipment company acknowledged that the vulnerability has been &#8220;reported as being exploited in the wild,&#8221; crediting&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/cisa-adds-cisco-chrome-and-arista-flaws.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation https:\/\/thehackernews.com\/2026\/06\/cisa-adds-cisco-chrome-and-arista-flaws.html Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":269512,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhyS_5xYGR8v-Lv2x6gLklggySrwxfhnOTIwaLNXWT0xCUHcG8742JNest-ScZPBIUEqChp4KxYPdOnrWOJUJ-Dcv1VYYBOGY6eMYgwOw5tIxBxD2RPbFM-xR05SpacfiwmIKeL6jAFpw8PScLXjV_gR9ZNRqQ8HmsOBAbom73N_i3JRkAsf-dZVoBpGVlI\/s1600\/cisaa.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,29,27],"class_list":["post-269511","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-network-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/269511"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=269511"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com
\/index.php\/wp-json\/wp\/v2\/posts\/269511\/revisions"}],"predecessor-version":[{"id":269513,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/269511\/revisions\/269513"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/269512"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=269511"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=269511"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=269511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}