CISA Discovers Agencies Misled About Cisco Patch Updates

The Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms regarding critical vulnerabilities in Cisco devices, indicating that U.S. government agencies have inadequately addressed these risks. According to CISA, hackers pose a substantial threat to federal networks, and the agency's findings highlight failures in patching potentially exploitable software vulnerabilities.
In recent guidance, the agency noted that numerous organizations mistakenly believed they had successfully implemented necessary updates. This misstep was confirmed through CISA’s announcement regarding an ongoing investigation into a hacking campaign referred to as “Arcane Door.” This campaign primarily targets Cisco adaptive security devices.
The vulnerabilities in question allow threat actors to breach restricted endpoints, enabling remote code execution. Gunter Ollmann, CTO of Cobalt, explained that such compromises are particularly problematic as they provide a launch point that can circumvent numerous downstream defenses. Despite available patches, organizations still struggle to accurately measure the extent of their exposure in practical terms.
Current and former officials within the federal cybersecurity landscape indicate that the recent government shutdown, which was the longest in U.S. history, has further complicated the ability to respond to and mitigate these threats. This delay has raised significant concerns regarding federal cybersecurity preparedness.
Months after Cisco issued patches for the vulnerabilities identified as CVE-2025-30333 and CVE-2025-20362, it remains urgent to disconnect unsupported devices and bolster security measures across all federal networks. CISA’s Chris Butera previously mentioned the presence of “hundreds” of affected devices within these networks.
CISA has yet to pinpoint the threat actor responsible for exploiting these vulnerabilities in federal settings. However, Palo Alto Networks’ Unit 42 has linked the attack to a suspected Chinese adversary known as Storm-1849, raising awareness about the international complexities surrounding cybersecurity threats.
To combat this ongoing risk, CISA has introduced temporary risk mitigation guidance tailored for federal agencies with vulnerable devices that have not yet been updated. This initiative aims to address the evolving threat landscape while ensuring federal entities take immediate action to protect their networks.