Cisco said hackers have been exploiting a bug in one of its popular networking products used by large companies for at least three years, prompting the U.S. government and its allies to urge organizations to take action.
The bug, which carries the maximum vulnerability severity score of 10.0, allows hackers to remotely infiltrate networks running the company’s Catalyst SD-WAN products, which let large enterprises and government agencies with multiple offices connect over long distances to private networks.
By exploiting this bug over the Internet, hackers can gain the highest level of privileges on these devices, maintain persistent hidden access within the victim’s network, and spy on or steal data over an extended period of time.
After discovering the bug, Cisco announced that researchers traced evidence of the exploit as far back as 2023. Some of the affected organizations are said to be critical infrastructure. The company did not provide specifics, but “critical infrastructure” could mean anything from the power grid and water supply to the transportation sector.
Several governments, including Australia, Canada, New Zealand, the United Kingdom and the United States, have issued warnings that threat actors are targeting organizations “globally.”
The US cybersecurity agency CISA ordered all federal civilian agencies to patch their systems by the end of Friday, citing an imminent threat and unacceptable risk to the federal government. The agency said it is currently operating at reduced capacity due to the partial government shutdown, but is aware that exploitation is continuing.
Although neither Cisco nor the government believes the attacks are the work of a specific threat group or nation-state, we have tracked one cluster of activity as UAT-8616.
Cisco warned in December that a similar vulnerability, rated 10.0, existed in the Async software that runs most of its products and was being actively used to hack into customer networks.
