CISA Issues Emergency Directive Over Critical Vulnerability in Federal Network Equipment

The Cybersecurity and Infrastructure Security Agency has issued an emergency directive requiring all federal civilian agencies to patch a critical vulnerability in Cisco networking equipment within 48 hours. The flaw, tracked as CVE-2026-1847, carries a CVSS score of 9.8 and allows unauthenticated remote code execution on affected devices.

CISA confirmed that the vulnerability is being actively exploited in the wild, with at least three federal agencies reporting indicators of compromise. The affected devices include Cisco ASA firewalls and Firepower Threat Defense appliances widely deployed across government networks.

Cisco released an emergency patch on Monday and is urging all customers to apply it immediately. For organizations unable to patch within the mandated timeframe, CISA has provided interim mitigation guidance that includes disabling specific management interfaces and implementing additional access controls on affected devices.

CISA Issues Emergency Directive Over Critical Vulnerability in Federal Network Equipment

Share This Article

Related Articles

CISA Issues Emergency Directive Over Critical Microsoft Exchange Vulnerability

Pentagon Launches $2 Billion Cybersecurity Initiative to Protect Defense Supply Chain

CISA Mandates Zero Trust Architecture for All Federal Agencies by End of 2026