Cisco warns hackers have been exploiting critical flaw since 2023
What's the story
Cisco has disclosed that a critical vulnerability in its Catalyst SD-WAN products has been exploited in the wild since 2023. The flaw carries the maximum severity score of 10.0 and allows a remote attacker to gain access to networks built on these devices. Successful exploitation yields the highest level of privileges on the affected system, and attackers have used it to maintain covert, persistent access inside victim networks for long periods.
Targeted technology
Catalyst SD-WAN products used to connect private networks
Cisco's Catalyst SD-WAN products are widely used by large enterprises and government agencies to connect the private networks of geographically distributed offices over long distances. Cisco discovered the bug after its researchers traced evidence of exploitation back to 2023. Some of the affected organizations are reported to be critical infrastructure operators, a category that spans power grids, water supply systems and transportation networks.
International alert
Governments issue alerts, CISA mandates patching by Friday
Cybersecurity agencies from Australia, Canada, New Zealand, the UK and the US have issued a joint alert about the ongoing exploitation of this vulnerability, warning that threat actors are targeting organizations "globally." The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered all civilian federal agencies to patch their systems by Friday, stating in its emergency directive that the vulnerability poses an imminent threat and an unacceptable risk to the federal government.
Attack origins
Attacks not linked to specific threat group or nation-state
Despite the scale of the exploitation, neither Cisco nor the government agencies have attributed the attacks to a named threat group or nation-state, although Cisco tracks one cluster of the activity as UAT-8616. The disclosure follows a warning from Cisco last December about another 10.0-rated vulnerability, that one in AsyncOS, the operating system that runs its Secure Email Gateway and Secure Email and Web Manager appliances.