Cisco has revealed that a significant vulnerability in its widely used networking products has been exploited by hackers for over three years. This discovery has prompted urgent action from the U.S. government and its allies, urging organizations to enhance their cybersecurity measures.
The identified flaw, which carries a maximum vulnerability severity score of 10.0, enables cybercriminals to remotely infiltrate networks utilizing Cisco's Catalyst SD-WAN products. These systems are essential for large enterprises and government agencies that need to connect private networks across extensive distances.
By taking advantage of this vulnerability, hackers can obtain high-level permissions on these devices, allowing them to maintain covert access within a victim's network. This persistent access can facilitate data espionage or theft over extended periods.
After the bug's discovery, Cisco researchers traced its exploitation back to 2023, indicating that several affected organizations are part of critical infrastructure sectors. While Cisco did not disclose specific entities, "critical infrastructure" encompasses vital services like power grids, water supplies, and transportation systems.
In a collaborative alert, governments from Australia, Canada, New Zealand, the United Kingdom, and the United States have warned that threat actors are targeting organizations on a global scale.
In response to the imminent threat, the U.S. cybersecurity agency CISA mandated that all civilian federal agencies rectify their systems by the end of the week, citing an unacceptable risk to national security. Despite operating at reduced capacity due to a partial government shutdown, CISA acknowledged the ongoing exploitation of this vulnerability.
While neither Cisco nor the involved governments have linked the attacks to a specific threat group or nation-state, they have monitored a cluster of activities identified as UAT-8616.
In December, Cisco issued a warning regarding another vulnerability, also rated 10.0, in its Async software, which powers a majority of its products. This issue was actively being exploited to breach customer networks.
