Hackers Exploiting Critical Cisco Bug to Breach Major Networks Since 2023

Cisco reports that hackers have been exploiting a vulnerability in one of its widely used networking products for large enterprises for at least three years. This has led the U.S. government and its allies to advise organizations to act swiftly.

The flaw, which carries a vulnerability severity score of 10.0, allows hackers to remotely break into networks that use Cisco's Catalyst SD-WAN products. These products let large businesses and government entities with multiple locations interconnect their private networks over long distances.

Using this flaw, hackers can obtain the highest level of permissions on the devices and maintain concealed access within a target’s network, enabling prolonged espionage or data theft.

Upon identifying the flaw, Cisco’s researchers uncovered evidence of exploitation dating back to 2023. Some of the impacted entities reportedly include critical infrastructure. While specifics weren’t provided, “critical infrastructure” could mean sectors like power grids, water supply, or transport.

Governments including those of Australia, Canada, New Zealand, the United Kingdom, and the United States issued a warning that global organizations are being targeted by threat actors.

The U.S. cybersecurity agency CISA directed all civilian federal bodies to update their systems by the end of Friday, citing an imminent threat and high risk to federal security. Despite operating at reduced capacity amid a partial government shutdown, the agency is aware of continuous exploitation activity.

Neither Cisco nor any government attributed the attacks to a specific threat actor or nation, though they identified a cluster of activity as UAT-8616.

Previously, in December, Cisco flagged a similar 10.0 vulnerability in Async software, used extensively across its products, which was actively exploited to breach customer networks.