Federal agencies not fully patching vulnerable Cisco devices amid ‘active exploitation,’ CISA warns

By therecord.media
Publication Date: 2025-11-12 21:34:00

Federal civilian agencies are not patching vulnerable Cisco devices sufficiently to protect themselves from an exploitation campaign that began in September, the Cybersecurity and Infrastructure Security Agency (CISA) warned Wednesday.

The agency issued an emergency directive in September about two bugs affecting Cisco firewall products that were being exploited by “an advanced threat actor.”

Federal civilian agencies were ordered to report back to CISA about their efforts to mitigate the two vulnerabilities impacting Cisco Adaptive Security Appliances.

On Wednesday, CISA said it has analyzed the data reported by agencies and has “identified devices marked as ‘patched’ in the reporting template, but which were updated to a version of the software that is still vulnerable to the threat activity outlined in the [emergency directive].”

“CISA is tracking active exploitation of these vulnerable versions in [Federal Civilian Executive Branch] agencies,” the directive…