
Cisco has reported that cybercriminals have been exploiting a flaw in one of its widely used networking solutions for large corporations for at least three years, prompting the U.S. government and its allies to urge organizations to implement protective measures.
This flaw, which has been rated with a maximum vulnerability severity score of 10.0, enables cybercriminals to remotely infiltrate networks utilizing its Catalyst SD-WAN systems, which assist large businesses and governmental bodies with multiple locations in connecting their private networks across extensive distances.
By leveraging this vulnerability over the internet, hackers can obtain the highest level of access to these devices and sustain covert ongoing access within a target’s network, permitting them to monitor or extract data over an extended timeframe.
Cisco indicated that after identifying the flaw, its analysts uncovered evidence of exploitation dating back to 2023. Some organizations affected are believed to be part of critical infrastructure. While the company did not disclose detailed information, “critical infrastructure” may encompass everything from electrical grids and water supply systems to the transportation industry.
Numerous governments, including those of Australia, Canada, New Zealand, the United Kingdom, and the United States, issued a notice warning that threat actors are targeting entities “globally.”
The U.S. cybersecurity agency CISA instructed all civilian federal agencies to update their systems by the end of Friday, referencing an imminent threat and unacceptable risk to the federal government. The federal cybersecurity institution, currently operating at a reduced capacity due to a partial government shutdown, acknowledged awareness of ongoing exploitation.
Neither Cisco nor the governmental agencies attributed the attacks to a specific threat group or nation-state, if one is known, but Cisco is tracking one cluster of activity designated UAT-8616.
In December, Cisco cautioned about another vulnerability, also rated 10.0, in the Async software that operates the majority of its products, which was being actively exploited to penetrate its customers' networks.

