PatchSiren cyber security CVE debrief
CVE-2022-20775 Cisco CVE debrief
CVE-2022-20775 is a Cisco SD-WAN path traversal vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2026-02-25, with a mitigation due date of 2026-02-27. Because the supplied source corpus is limited to catalog and record metadata, this brief focuses on defensive prioritization: confirm whether any Cisco SD-WAN devices are exposed, follow Cisco’s official advisory and CISA’s Emergency Directive 26-03 and hunt-and-hardening guidance, and verify that any required mitigations are in place.
- Vendor
- Cisco
- Product
- SD-WAN
- CVSS
- Unknown
- CISA KEV
- Listed
- Original CVE published
- 2026-02-25
- Original CVE updated
- 2026-02-25
- Advisory published
- 2026-02-25
- Advisory updated
- 2026-02-25
Who should care
Network and security teams responsible for Cisco SD-WAN, incident response and threat hunting teams, vulnerability management, and any organization using Cisco SD-WAN devices or related cloud-managed services.
Technical summary
The available source data identifies the issue as a path traversal vulnerability in Cisco SD-WAN. The corpus does not include affected versions, CVSS scoring, or exploit mechanics, so no further technical detail should be assumed from this debrief. The key operational fact is CISA KEV inclusion, which indicates that organizations should treat exposure as time-sensitive and validate mitigations against Cisco’s official advisory and CISA guidance.
Defensive priority
High. KEV listing plus a near-term due date means this should be treated as an urgent remediation and exposure-validation item, even though the supplied corpus does not include severity scoring.
Recommended defensive actions
- Identify all Cisco SD-WAN devices, including cloud-managed deployments, and confirm whether they are in scope for the advisory.
- Review Cisco’s official SD-WAN advisory and CISA Emergency Directive 26-03 plus the hunt-and-hardening guidance.
- Apply vendor-recommended mitigations or compensating controls as directed by Cisco and CISA.
- Validate compliance with applicable BOD 22-01 guidance for cloud services; if mitigations are not available, follow the cited CISA direction regarding discontinuing use of the product.
- Perform authorized defensive hunting for suspicious access or compromise indicators.
- Track remediation status and retest exposure after changes are made.
Evidence notes
Source corpus is limited to the CISA KEV catalog entry, CVE record link, NVD detail link, and CISA guidance references embedded in the KEV metadata. The corpus identifies the vulnerability as a Cisco SD-WAN path traversal issue and records CISA dates of 2026-02-25 (date added) and 2026-02-27 (due date). No CVSS score, affected-version list, or exploit narrative was supplied, so those details are intentionally omitted.
Official resources
-
CVE-2022-20775 CVE record
CVE.org
-
CVE-2022-20775 NVD detail
NVD
-
CISA Known Exploited Vulnerabilities catalog
CISA - Please adhere to CISA’s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA’s Emergency Directive 26-03 (URL listed below in Notes) and CISA’s “Hunt & Hardening Guida
-
Source item URL
cisa_kev
CISA added CVE-2022-20775 to the Known Exploited Vulnerabilities catalog on 2026-02-25 and assigned a remediation due date of 2026-02-27. This debrief uses only the supplied source corpus and official links; it does not infer affected vers