Cisco Patches Critical SD‑WAN Zero‑Day; Active Exploits Target Unpatched Microsoft Exchange Server Flaw
What Happened — Cisco released an emergency patch for a critical zero‑day vulnerability in its SD‑WAN software that allowed unauthenticated remote code execution. At the same time, threat actors are actively exploiting an unpatched Microsoft Exchange Server flaw that enables credential theft and email data exfiltration.
Why It Matters for TPRM —
- Core networking and email services are common components of third‑party contracts; a breach can cascade to downstream customers.
- Unpatched vulnerabilities increase the likelihood of data loss, regulatory exposure, and service disruption across multiple supply‑chain tiers.
- Timely patch management is a key control in most vendor security frameworks; failure to remediate signals broader governance gaps.
Who Is Affected — Technology SaaS providers, cloud‑hosting firms, telecom operators, financial services, and any enterprise that relies on Cisco SD‑WAN or Microsoft Exchange for communications.
Recommended Actions —
- Verify that all Cisco SD‑WAN appliances are running the latest patched firmware.
- Apply Microsoft’s Exchange security updates immediately or deploy the recommended mitigations.
- Review vendor contracts for patch‑management obligations and enforce compliance deadlines.
- Run internal vulnerability scans to confirm no lingering exposures and update asset inventories.
Technical Notes —
- Cisco SD‑WAN CVE‑2026‑XXXX: remote code execution via crafted network packets; exploited through network‑level access.
- Microsoft Exchange CVE‑2025‑YYYY: privilege‑escalation and credential‑theft flaw; exploited via malicious web requests and phishing‑linked credential reuse.
- Attack vectors include vulnerability exploitation and stolen credentials.
- Potentially exposed data includes email contents, internal communications, and any attached PII.
Source: Help Net Security